From af23fa98632aebbb3982032bd114ffc977e20d83 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Bj=C3=B6rn=20Schie=C3=9Fle?= Date: Wed, 5 Jun 2013 18:38:39 +0200 Subject: [PATCH] print a warning if a user wants to reset his password and encryption is enabled Conflicts: core/lostpassword/templates/lostpassword.php --- core/lostpassword/controller.php | 14 ++++++++++++-- core/lostpassword/templates/lostpassword.php | 10 ++++++++++ 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/core/lostpassword/controller.php b/core/lostpassword/controller.php index fbcf4a87f22..9377de5d39a 100644 --- a/core/lostpassword/controller.php +++ b/core/lostpassword/controller.php @@ -8,8 +8,11 @@ class OC_Core_LostPassword_Controller { protected static function displayLostPasswordPage($error, $requested) { + $encrypted = OC_App::isEnabled('files_encryption'); OC_Template::printGuestPage('core/lostpassword', 'lostpassword', - array('error' => $error, 'requested' => $requested)); + array('error' => $error, + 'requested' => $requested, + 'encrypted' => $encrypted)); } protected static function displayResetPasswordPage($success, $args) { @@ -29,7 +32,14 @@ class OC_Core_LostPassword_Controller { } public static function sendEmail($args) { - if (OC_User::userExists($_POST['user'])) { + + if(isset($_POST['noEncryption']) || isset($_POST['continue'])) { + $continue = true; + } else { + $continue = false; + } + + if (OC_User::userExists($_POST['user']) && $continue) { $token = hash('sha256', OC_Util::generate_random_bytes(30).OC_Config::getValue('passwordsalt', '')); OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword', hash('sha256', $token)); // Hash the token again to prevent timing attacks diff --git a/core/lostpassword/templates/lostpassword.php b/core/lostpassword/templates/lostpassword.php index dc9f0bc8ad3..c9c9787e9aa 100644 --- a/core/lostpassword/templates/lostpassword.php +++ b/core/lostpassword/templates/lostpassword.php @@ -10,6 +10,16 @@

+ + + +

+ t('Your files seems to be encrypted. If you didn\'t have enabled the recovery key there will be no way to get your data back once the password was resetted. If you are not sure what to do, please contact your administrator first before continue. Do you really want to continue?')); ?>
+ + t('Yes, I really want to reset my password now')); ?>

+ + +

-- 2.39.5