Fix password authentication for links and fix template problems for links by creating a new base layout

4 files changed, 26 insertions, 10 deletions

diff --git a/apps/files_sharing/css/public.css b/apps/files_sharing/css/public.css
index aa76c06175b..f38afae3dd8 100644
--- a/apps/files_sharing/css/public.css
+++ b/apps/files_sharing/css/public.css
@@ -1,2 +1,7 @@
-#content { position:relative; }
-#preview p { text-align: center; }
\ No newline at end of file
+body { background:#ddd; }
+#header { position:fixed; top:0; left:0; right:0; z-index:100; height:2.5em; line-height:2.5em; padding:.5em; background:#1d2d44; -moz-box-shadow:0 0 10px rgba(0, 0, 0, .5), inset 0 -2px 10px #222; -webkit-box-shadow:0 0 10px rgba(0, 0, 0, .5), inset 0 -2px 10px #222; box-shadow:0 0 10px rgba(0, 0, 0, .5), inset 0 -2px 10px #222; }
+#details { color:#fff; }
+#download { margin-left:2em; font-weight:bold; color:#fff; }
+#preview { min-height:30em; margin:50px auto; border-bottom:1px solid #f8f8f8; background:#eee; text-align:center; }
+p.info { width:22em; text-align: center; margin:2em auto; color:#777; text-shadow:#fff 0 1px 0; }
+p.info a { font-weight:bold; color:#777; }
\ No newline at end of file
diff --git a/apps/files_sharing/public.php b/apps/files_sharing/public.php
index 15dac576d98..a4bf0230a3a 100644
--- a/apps/files_sharing/public.php
+++ b/apps/files_sharing/public.php
@@ -5,6 +5,7 @@ if (isset($_GET['file'])) {
 	$pos = strpos($_GET['file'], '/', 1);
 	$uidOwner = substr($_GET['file'], 1, $pos - 1);
 	if (OCP\User::userExists($uidOwner)) {
+		OC_Util::tearDownFS();
 		OC_Util::setupFS($uidOwner);
 		$file = substr($_GET['file'], $pos);
 		$fileSource = OC_Filecache::getId($_GET['file'], '');
@@ -18,14 +19,19 @@ if (isset($_GET['file'])) {
 					$hasher = new PasswordHash(8, $forcePortable);
 					if (!($hasher->CheckPassword($password.OC_Config::getValue('passwordsalt', ''), $storedHash))) {
 						$tmpl = new OCP\Template('files_sharing', 'authenticate', 'guest');
+						$tmpl->assign('URL', OCP\Util::linkToPublic('files').'&file='.$_GET['file']);
 						$tmpl->assign('error', true);
 						$tmpl->printPage();
 						exit();
+					} else {
+						// Save item id in session for future requests
+						$_SESSION['public_link_authenticated'] = $linkItem['id'];
 					}
-					// Continue on if password is valid
-				} else {
+				// Check if item id is set in session
+				} else if (!isset($_SESSION['public_link_authenticated']) || $_SESSION['public_link_authenticated'] !== $linkItem['id']) {
 					// Prompt for password
 					$tmpl = new OCP\Template('files_sharing', 'authenticate', 'guest');
+					$tmpl->assign('URL', OCP\Util::linkToPublic('files').'&file='.$_GET['file']);
 					$tmpl->printPage();
 					exit();
 				}
@@ -45,7 +51,8 @@ if (isset($_GET['file'])) {
 				OCP\Util::addStyle('files_sharing', 'public');
 				OCP\Util::addScript('files_sharing', 'public');
 				OCP\Util::addScript('files', 'fileactions');
-				$tmpl = new OCP\Template('files_sharing', 'public', 'guest');
+				$tmpl = new OCP\Template('files_sharing', 'public', 'base');
+				$tmpl->assign('details', $uidOwner.' shared the file '.basename($path).' with you');
 				$tmpl->assign('owner', $uidOwner);
 				$tmpl->assign('name', basename($path));
 				// Show file list
diff --git a/apps/files_sharing/templates/authenticate.php b/apps/files_sharing/templates/authenticate.php
index 41064d51464..9695caebf18 100644
--- a/apps/files_sharing/templates/authenticate.php
+++ b/apps/files_sharing/templates/authenticate.php
@@ -1,4 +1,4 @@
-<form action="index.php" method="post">
+<form action="<?php echo $_['URL']; ?>" method="post">
 	<fieldset>
 		<p>
 			<label for="password" class="infield"><?php echo $l->t('Password'); ?></label>
diff --git a/apps/files_sharing/templates/public.php b/apps/files_sharing/templates/public.php
index 065818c2200..36e159dafee 100755
--- a/apps/files_sharing/templates/public.php
+++ b/apps/files_sharing/templates/public.php
@@ -2,12 +2,16 @@
 <input type="hidden" name="downloadURL" value="<?php echo $_['downloadURL'] ?>" id="downloadURL">
 <input type="hidden" name="filename" value="<?php echo $_['filename'] ?>" id="filename">
 <input type="hidden" name="mimetype" value="<?php echo $_['mimetype'] ?>" id="mimetype">
+<header><div id="header">
+	<a href="<?php echo link_to('', 'index.php'); ?>" title="" id="owncloud"><img class="svg" src="<?php echo image_path('', 'logo-wide.svg'); ?>" alt="ownCloud" /></a>
+	<div class="header-right">
+		<span id="details"><?php echo $_['details']; ?></span>
+		<a href="<?php echo $_['downloadURL']; ?>" id="download"><img class="svg" alt="Download" src="<?php echo OCP\image_path("core", "actions/download.svg"); ?>" /><?php echo $l->t('Download')?></a>
+	</div>
+</div></header>
 <div id="preview">
-	<p><?php echo $_['owner']; ?> shared the file <?php echo $_['name'] ?> with you</p>
-</div>
-<div id="content">
 	<?php if (substr($_['mimetype'], 0 , strpos($_['mimetype'], '/')) == 'image'): ?>
 		<img src="<?php echo $_['downloadURL']; ?>" />
 	<?php endif; ?>
 </div>
-<a href="<?php echo $_['downloadURL']; ?>">Download</a>
\ No newline at end of file
+<footer><p class="info"><a href="http://owncloud.org/">ownCloud</a> &ndash; <?php echo $l->t('web services under your control'); ?></p></footer>
\ No newline at end of file