Commit graph

27 commits

Author SHA1 Message Date
Bart Visscher
fecfeac55d Fix introduced style errors 2012-10-27 17:45:15 +02:00
Bart Visscher
a8d0f84829 Resetting the password should also invalidate the token login cookies 2012-10-17 17:26:12 +02:00
Bart Visscher
0a614429af Change the lostpassword flow to a controller 2012-10-17 17:24:49 +02:00
Lukas Reschke
99cd922b82 Doublehash the token to prevent timing attacks 2012-10-14 12:13:02 +02:00
Lukas Reschke
ef57e9294b Fallback for systems without openssl 2012-09-29 16:44:02 +02:00
Lukas Reschke
36f1c9b083 rand() + uniqid() are not from cryptographic quality 2012-09-29 15:33:10 +02:00
Lukas Reschke
f5fe95a131 Removed sectoken
This token is completly useless since an attacker can easily extract it
from the page.
2012-09-29 15:15:35 +02:00
Bart Visscher
22d22d19c0 Do urlencoding in linkTo functions 2012-09-28 22:27:52 +02:00
Thomas Müller
9e5807d1f9 fixing syntax error - sorry for that 2012-09-04 13:13:18 +03:00
Thomas Müller
6d358c051f Update core/lostpassword/templates/email.php
respect coding style
2012-09-04 13:10:14 +03:00
Thomas Müller
97e4647ad5 Update core/lostpassword/resetpassword.php 2012-09-04 13:09:25 +03:00
Thomas Müller
395ea2a028 Update core/lostpassword/index.php
respect coding style
2012-09-04 13:08:55 +03:00
Bart Visscher
5153b8b293 Add url-params to url with new parameter in linkTo function 2012-09-03 21:51:32 +02:00
Bjoern Schiessle
680eed6bac fix for bug #1295, don't escape password reset link 2012-07-27 15:35:36 +02:00
Bjoern Schiessle
b9d5f510c3 urlencode link fort password reset (bug #970) 2012-06-13 17:22:28 +02:00
Michael Gapczynski
3c3a2b9b27 Remove old internal mail call for password reset, fixes bug oc-934 2012-06-07 09:25:50 -04:00
Frank Karlitschek
d4ea853fcf use our own serverHost call so that ownCloud works with reverse proxy servers 2012-05-31 20:26:09 +02:00
Frank Karlitschek
a945fa10a6 update copyright 2012-05-26 19:14:24 +02:00
Frank Karlitschek
6bdefef31e csrf protection 2012-04-26 19:35:33 +02:00
Frank Karlitschek
2fbc92bd4b new OC_Mail class to handle all mail sending. The benefit is that is way mor flexible than the standard mail command. can be configured to use a remote smtp relay for example. also port the lostpassword code 2012-04-20 20:49:35 +02:00
Robin Appelman
b1bcc60d83 reuse OC_L10N objects 2012-04-14 16:44:15 +02:00
Tom Needham
85f9869f69 Make the token really random 2012-04-04 13:18:02 +00:00
Tom Needham
95c2ac5d58 Dont typecast variables as integers 2012-04-03 21:14:55 +00:00
Georg Ehrke
03120959e9 add a proper email address for lostpassword service - bugfix for oc-178 2012-03-19 09:09:18 +01:00
Bart Visscher
f47444e1f7 Use separate function to make absolute urls 2012-02-17 22:07:14 +01:00
Bart Visscher
e1b9b65e41 Use correct appid for lostpassword email preference 2011-12-18 23:10:43 +01:00
Bart Visscher
e8c6252a4c Move lostpassword to core dir 2011-10-03 20:44:01 +02:00