From f70240f4308d89183e00c9620b9703d30f905a99 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Bj=C3=B6rn=20Schie=C3=9Fle?= <schiessle@owncloud.com>
Date: Sat, 18 May 2013 10:33:33 +0200
Subject: [PATCH] display a warning if the user has enabled file recovery but
 the admin tries to change the users password without a recovery password

---
 settings/ajax/changepassword.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/settings/ajax/changepassword.php b/settings/ajax/changepassword.php
index 6b5bf9c66bd..cb66c57c743 100644
--- a/settings/ajax/changepassword.php
+++ b/settings/ajax/changepassword.php
@@ -28,8 +28,13 @@ if(is_null($userstatus)) {
 	exit();
 }
 
-$util = new \OCA\Encryption\Util(new \OC_FilesystemView('/'), \OCP\User::getUser());
-if ( $recoveryPassword && ! $util->checkRecoveryPassword($recoveryPassword) ) {
+$util = new \OCA\Encryption\Util(new \OC_FilesystemView('/'), $username);
+$recoveryAdminEnabled = OC_Appconfig::getValue( 'files_encryption', 'recoveryAdminEnabled' );
+$recoveryEnabledForUser = $util->recoveryEnabledForUser();
+
+if ($recoveryAdminEnabled && $recoveryEnabledForUser && $recoveryPassword == '') {
+	OC_JSON::error(array("data" => array( "message" => "Please provide a admin recovery password, otherwise all user data will be lost" )));
+}elseif ( $recoveryPassword && ! $util->checkRecoveryPassword($recoveryPassword) ) {
 	OC_JSON::error(array("data" => array( "message" => "Wrong admin recovery password. Please check the password and try again." )));
 }elseif(!is_null($password) && OC_User::setPassword( $username, $password, $recoveryPassword )) {
 	OC_JSON::success(array("data" => array( "username" => $username )));
@@ -37,4 +42,3 @@ if ( $recoveryPassword && ! $util->checkRecoveryPassword($recoveryPassword) ) {
 else{
 	OC_JSON::error(array("data" => array( "message" => "Unable to change password" )));
 }
-error_log("bliub");
-- 
2.39.5