1 files changed, 87 insertions, 0 deletions

diff --git a/core/lostpassword/controller.php b/core/lostpassword/controller.php
new file mode 100644
index 00000000000..523520dc754
--- /dev/null
+++ b/core/lostpassword/controller.php
@@ -0,0 +1,87 @@
+<?php
+/**
+ * Copyright (c) 2012 Bart Visscher <bartv@thisnet.nl>
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+class OC_Core_LostPassword_Controller {
+	protected static function displayLostPasswordPage($error, $requested) {
+		OC_Template::printGuestPage('core/lostpassword', 'lostpassword',
+			array('error' => $error, 'requested' => $requested));
+	}
+	
+	protected static function displayResetPasswordPage($success, $args) {
+		$route_args = array();
+		$route_args['token'] = $args['token'];
+		$route_args['user'] = $args['user'];
+		OC_Template::printGuestPage('core/lostpassword', 'resetpassword',
+			array('success' => $success, 'args' => $route_args));
+	}
+
+	protected static function checkToken($user, $token) {
+		return OC_Preferences::getValue($user, 'owncloud', 'lostpassword') === hash('sha256', $token);
+	}
+
+	public static function index($args) {
+		self::displayLostPasswordPage(false, false);
+	}
+
+	public static function sendEmail($args) {
+		if (OC_User::userExists($_POST['user'])) {
+			$token = hash('sha256', OC_Util::generate_random_bytes(30).OC_Config::getValue('passwordsalt', ''));
+			OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword',
+				hash('sha256', $token)); // Hash the token again to prevent timing attacks
+			$email = OC_Preferences::getValue($_POST['user'], 'settings', 'email', '');
+			if (!empty($email)) {
+				$link = OC_Helper::linkToRoute('core_lostpassword_reset',
+					array('user' => $_POST['user'], 'token' => $token));
+				$link = OC_Helper::makeURLAbsolute($link);
+
+				$tmpl = new OC_Template('core/lostpassword', 'email');
+				$tmpl->assign('link', $link, false);
+				$msg = $tmpl->fetchPage();
+				$l = OC_L10N::get('core');
+				$from = 'lostpassword-noreply@' . OCP\Util::getServerHost();
+				OC_Mail::send($email, $_POST['user'], $l->t('ownCloud password reset'), $msg, $from, 'ownCloud');
+				echo('Mailsent');
+
+				self::displayLostPasswordPage(false, true);
+			} else {
+				self::displayLostPasswordPage(true, false);
+			}
+		} else {
+			self::displayLostPasswordPage(true, false);
+		}
+	}
+
+	public static function reset($args) {
+		// Someone wants to reset their password:
+		if(self::checkToken($args['user'], $args['token'])) {
+			self::displayResetPasswordPage(false, $args);
+		} else {
+			// Someone lost their password
+			self::displayLostPasswordPage(false, false);
+		}
+	}
+
+	public static function resetPassword($args) {
+		if (self::checkToken($args['user'], $args['token'])) {
+			if (isset($_POST['password'])) {
+				if (OC_User::setPassword($args['user'], $_POST['password'])) {
+					OC_Preferences::deleteKey($args['user'], 'owncloud', 'lostpassword');
+					OC_User::unsetMagicInCookie();
+					self::displayResetPasswordPage(true, $args);
+				} else {
+					self::displayResetPasswordPage(false, $args);
+				}
+			} else {
+				self::reset($args);
+			}
+		} else {
+			// Someone lost their password
+			self::displayLostPasswordPage(false, false);
+		}
+	}
+}