diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2012-10-15 16:14:24 +0200 |
|---|---|---|
| committer | Daniel Molkentin <daniel@molkentin.de> | 2012-10-15 17:42:38 +0200 |
| commit | d33bec09fe1da810f0a7f60d9b6a61e513ce0b2f (patch) | |
| tree | 5b801b95a64ca9b76abe6de76290d88ed30001e3 /lib | |
| parent | 800fd5fd798567d899b1559ca3e91dc15212d027 (diff) | |
| download | nextcloud-server-d33bec09fe1da810f0a7f60d9b6a61e513ce0b2f.tar.gz nextcloud-server-d33bec09fe1da810f0a7f60d9b6a61e513ce0b2f.zip | |
Verify password page for users
Diffstat (limited to 'lib')
| -rwxr-xr-x | lib/util.php | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/lib/util.php b/lib/util.php index 9a3bf162062..b92f97b0375 100755 --- a/lib/util.php +++ b/lib/util.php @@ -361,6 +361,7 @@ class OC_Util { public static function checkAdminUser() { // Check if we are a user self::checkLoggedIn(); + self::verifyUser(); if( !OC_Group::inGroup( OC_User::getUser(), 'admin' )) { header( 'Location: '.OC_Helper::linkToAbsolute( '', 'index.php' )); exit(); @@ -374,6 +375,7 @@ class OC_Util { public static function checkSubAdminUser() { // Check if we are a user self::checkLoggedIn(); + self::verifyUser(); if(OC_Group::inGroup(OC_User::getUser(),'admin')) { return true; } @@ -385,6 +387,23 @@ class OC_Util { } /** + * Check if the user verified the login with his password in the last 15 minutes + * If not, the user will be shown a password verification page + */ + public static function verifyUser() { + // Check password to set session + if (OC_User::login(OC_User::getUser(), $_POST["password"] ) === true) { + $_SESSION['verifiedLogin']=time() + (15 * 60); + } + + // Check if the user verified his password in the last 15 minutes + if($_SESSION['verifiedLogin'] < time() OR !isset($_SESSION['verifiedLogin'])) { + OC_Template::printGuestPage("", "verify", array('username' => OC_User::getUser())); + exit(); + } + } + + /** * Redirect to the user default page */ public static function redirectToDefaultPage() { |