Bart Visscher
|
fecfeac55d
|
Fix introduced style errors
|
2012-10-27 17:45:15 +02:00 |
|
Bart Visscher
|
a8d0f84829
|
Resetting the password should also invalidate the token login cookies
|
2012-10-17 17:26:12 +02:00 |
|
Bart Visscher
|
0a614429af
|
Change the lostpassword flow to a controller
|
2012-10-17 17:24:49 +02:00 |
|
Lukas Reschke
|
99cd922b82
|
Doublehash the token to prevent timing attacks
|
2012-10-14 12:13:02 +02:00 |
|
Lukas Reschke
|
ef57e9294b
|
Fallback for systems without openssl
|
2012-09-29 16:44:02 +02:00 |
|
Lukas Reschke
|
36f1c9b083
|
rand() + uniqid() are not from cryptographic quality
|
2012-09-29 15:33:10 +02:00 |
|
Lukas Reschke
|
f5fe95a131
|
Removed sectoken
This token is completly useless since an attacker can easily extract it
from the page.
|
2012-09-29 15:15:35 +02:00 |
|
Bart Visscher
|
22d22d19c0
|
Do urlencoding in linkTo functions
|
2012-09-28 22:27:52 +02:00 |
|
Thomas Müller
|
9e5807d1f9
|
fixing syntax error - sorry for that
|
2012-09-04 13:13:18 +03:00 |
|
Thomas Müller
|
6d358c051f
|
Update core/lostpassword/templates/email.php
respect coding style
|
2012-09-04 13:10:14 +03:00 |
|
Thomas Müller
|
97e4647ad5
|
Update core/lostpassword/resetpassword.php
|
2012-09-04 13:09:25 +03:00 |
|
Thomas Müller
|
395ea2a028
|
Update core/lostpassword/index.php
respect coding style
|
2012-09-04 13:08:55 +03:00 |
|
Bart Visscher
|
5153b8b293
|
Add url-params to url with new parameter in linkTo function
|
2012-09-03 21:51:32 +02:00 |
|
Bjoern Schiessle
|
680eed6bac
|
fix for bug #1295, don't escape password reset link
|
2012-07-27 15:35:36 +02:00 |
|
Bjoern Schiessle
|
b9d5f510c3
|
urlencode link fort password reset (bug #970)
|
2012-06-13 17:22:28 +02:00 |
|
Michael Gapczynski
|
3c3a2b9b27
|
Remove old internal mail call for password reset, fixes bug oc-934
|
2012-06-07 09:25:50 -04:00 |
|
Frank Karlitschek
|
d4ea853fcf
|
use our own serverHost call so that ownCloud works with reverse proxy servers
|
2012-05-31 20:26:09 +02:00 |
|
Frank Karlitschek
|
a945fa10a6
|
update copyright
|
2012-05-26 19:14:24 +02:00 |
|
Frank Karlitschek
|
6bdefef31e
|
csrf protection
|
2012-04-26 19:35:33 +02:00 |
|
Frank Karlitschek
|
2fbc92bd4b
|
new OC_Mail class to handle all mail sending. The benefit is that is way mor flexible than the standard mail command. can be configured to use a remote smtp relay for example. also port the lostpassword code
|
2012-04-20 20:49:35 +02:00 |
|
Robin Appelman
|
b1bcc60d83
|
reuse OC_L10N objects
|
2012-04-14 16:44:15 +02:00 |
|
Tom Needham
|
85f9869f69
|
Make the token really random
|
2012-04-04 13:18:02 +00:00 |
|
Tom Needham
|
95c2ac5d58
|
Dont typecast variables as integers
|
2012-04-03 21:14:55 +00:00 |
|
Georg Ehrke
|
03120959e9
|
add a proper email address for lostpassword service - bugfix for oc-178
|
2012-03-19 09:09:18 +01:00 |
|
Bart Visscher
|
f47444e1f7
|
Use separate function to make absolute urls
|
2012-02-17 22:07:14 +01:00 |
|
Bart Visscher
|
e1b9b65e41
|
Use correct appid for lostpassword email preference
|
2011-12-18 23:10:43 +01:00 |
|
Bart Visscher
|
e8c6252a4c
|
Move lostpassword to core dir
|
2011-10-03 20:44:01 +02:00 |
|