Initial work on resetting forgotten passwords. It works, but still need to email a token to allow reset

3 files changed, 58 insertions, 1 deletions

diff --git a/core/templates/lostpassword.php b/core/templates/lostpassword.php
new file mode 100644
index 00000000000..212ca8d2edb
--- /dev/null
+++ b/core/templates/lostpassword.php
@@ -0,0 +1,15 @@
+<form action="index.php?lostpassword" method="post">
+	<fieldset>
+		<?php echo $l->t('You will receive a link to reset your password via Email.'); ?>
+		<?php if ($_['requested']): ?>
+			<?php echo $l->t( 'Requested' ); ?>
+			
+		<?php else: ?>
+			<?php if ($_['error']): ?>
+				<?php echo $l->t( 'Login failed!' ); ?>
+			<?php endif; ?>
+			<input type="text" name="user" id="user" placeholder="<?php echo $l->t('Username or Email'); ?>" value="" autocomplete="off" required autofocus />
+			<input type="submit" id="submit" value="<?php echo $l->t('Request reset'); ?>" />
+		<?php endif; ?>
+	</fieldset>
+</form>
\ No newline at end of file
diff --git a/core/templates/resetpassword.php b/core/templates/resetpassword.php
new file mode 100644
index 00000000000..3c7c46efe13
--- /dev/null
+++ b/core/templates/resetpassword.php
@@ -0,0 +1,10 @@
+<form action="<?php echo "index.php?".$_SERVER['QUERY_STRING'] ?>" method="post">
+	<fieldset>
+		<?php if($_['success']): ?>
+			<?php echo $l->t('Your password was successfully reset'); ?>
+		<?php else: ?>
+			<input type="password" name="password" id="password" placeholder="<?php echo $l->t('New password'); ?>" value="" required />
+			<input type="submit" id="submit" value="<?php echo $l->t('Reset password'); ?>" />
+		<?php endif; ?>
+	</fieldset>
+</form>
\ No newline at end of file
diff --git a/index.php b/index.php
index 4520f40107e..52a00465f22 100644
--- a/index.php
+++ b/index.php
@@ -60,7 +60,7 @@ elseif(OC_User::isLoggedIn()) {
 }
 
 // Someone wants to log in :
-elseif(isset($_POST["user"])) {
+elseif(isset($_POST["user"]) && isset($_POST['password'])) {
 	OC_App::loadApps();
 	if(OC_User::login($_POST["user"], $_POST["password"])) {
 		header("Location: ".$WEBROOT.'/'.OC_Appconfig::getValue("core", "defaultpage", "files/index.php"));
@@ -81,6 +81,38 @@ elseif(isset($_POST["user"])) {
 	}
 }
 
+// Someone lost their password:
+elseif(isset($_GET['lostpassword'])) {
+	OC_App::loadApps();
+	if (isset($_POST['user'])) {
+		if (OC_User::userExists($_POST['user'])) {
+			$token = sha1($_POST['user']+uniqId());
+			OC_Preferences::setValue($_POST['user'], "owncloud", "lostpassword", $token);
+			// TODO send email with link+token
+			OC_Template::printGuestPage("", "lostpassword", array("error" => false, "requested" => true));
+		} else {
+			OC_Template::printGuestPage("", "lostpassword", array("error" => true, "requested" => false));
+		}
+	} else {
+		OC_Template::printGuestPage("", "lostpassword", array("error" => false, "requested" => false));
+	}
+}
+
+// Someone wants to reset their password:
+elseif(isset($_GET['resetpassword']) && isset($_GET['token']) && isset($_GET['user']) && OC_Preferences::getValue($_GET['user'], "owncloud", "lostpassword") === $_GET['token']) {
+	OC_App::loadApps();
+	if (isset($_POST['password'])) {
+		if (OC_User::setPassword($_GET['user'], $_POST['password'])) {
+			OC_Preferences::deleteKey($_GET['user'], "owncloud", "lostpassword");
+			OC_Template::printGuestPage("", "resetpassword", array("success" => true));
+		} else {
+			OC_Template::printGuestPage("", "resetpassword", array("success" => false));
+		}
+	} else {
+		OC_Template::printGuestPage("", "resetpassword", array("success" => false));
+	}
+}
+
 // For all others cases, we display the guest page :
 else {
 	OC_App::loadApps();