Diffstat (limited to 'core/templates')
-rw-r--r--core/templates/installation.php16
-rw-r--r--core/templates/layout.base.php2
-rw-r--r--core/templates/layout.guest.php2
-rw-r--r--core/templates/login.php18
-rw-r--r--core/templates/verify.php18
5 files changed, 50 insertions, 6 deletions
diff --git a/core/templates/installation.php b/core/templates/installation.php
index 1a05c3fb762..c0b29ea909d 100644
--- a/core/templates/installation.php
+++ b/core/templates/installation.php
@@ -3,7 +3,6 @@
<input type='hidden' id='hasPostgreSQL' value='<?php echo $_['hasPostgreSQL'] ?>'></input>
<input type='hidden' id='hasOracle' value='<?php echo $_['hasOracle'] ?>'></input>
<form action="index.php" method="post">
-
<input type="hidden" name="install" value="true" />
<?php if(count($_['errors']) > 0): ?>
<ul class="errors">
@@ -19,7 +18,20 @@
<?php endforeach; ?>
</ul>
<?php endif; ?>
-
+ <?php if(!$_['secureRNG']): ?>
+ <fieldset style="color: #B94A48; background-color: #F2DEDE; border-color: #EED3D7;">
+ <legend><strong><?php echo $l->t('Security Warning');?></strong></legend>
+ <span><?php echo $l->t('No secure random number generator is available, please enable the PHP OpenSSL extension.');?></span>
+ <br/>
+ <span><?php echo $l->t('Without a secure random number generator an attacker may be able to predict password reset tokens and take over your account.');?></span>
+ </fieldset>
+ <?php endif; ?>
+ <?php if(!$_['htaccessWorking']): ?>
+ <fieldset style="color: #B94A48; background-color: #F2DEDE; border-color: #EED3D7;">
+ <legend><strong><?php echo $l->t('Security Warning');?></strong></legend>
+ <span><?php echo $l->t('Your data directory and your files are probably accessible from the internet. The .htaccess file that ownCloud provides is not working. We strongly suggest that you configure your webserver in a way that the data directory is no longer accessible or you move the data directory outside the webserver document root.');?></span>
+ </fieldset>
+ <?php endif; ?>
<fieldset>
<legend><?php echo $l->t( 'Create an <strong>admin account</strong>' ); ?></legend>
<p class="infield">
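Review bot: The two added warning fieldsets repeat the same inline `style="color: #B94A48; background-color: #F2DEDE; border-color: #EED3D7;"` attribute. A shared CSS class defined in the stylesheet would keep them consistent and would still render under a Content-Security-Policy that forbids inline styles. Both conditions also read `$_['secureRNG']` and `$_['htaccessWorking']` without `isset()`, unlike the `isset($_['invalidcookie']) && ...` guards this commit adds to login.php. A missing key would show the warning, which is the safe default, but would also raise an undefined-index notice, so the controller should always assign both. Neither warning blocks the form, so the install can still be completed without a secure RNG or with a web-readable data directory; whether that is intended is not visible in this hunk.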
diff --git a/core/templates/layout.base.php b/core/templates/layout.base.php
index c113a4db24e..f78b6ff8bbd 100644
--- a/core/templates/layout.base.php
+++ b/core/templates/layout.base.php
@@ -10,6 +10,8 @@
<script type="text/javascript">
var oc_webroot = '<?php echo OC::$WEBROOT; ?>';
var oc_appswebroots = <?php echo $_['apps_paths'] ?>;
+ var oc_requesttoken = '<?php echo $_['requesttoken']; ?>';
+ var oc_requestlifespan = '<?php echo $_['requestlifespan']; ?>';
</script>
<?php foreach ($_['jsfiles'] as $jsfile): ?>
<script type="text/javascript" src="<?php echo $jsfile; ?>"></script>
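Review bot: The two added lines write `$_['requesttoken']` and `$_['requestlifespan']` directly into a single-quoted JavaScript literal, and no escaping is visible in the template. A quote, backslash or `</script>` in either value would terminate the literal. The token is presumably server-generated, but encoding at the sink is cheap: `var oc_requesttoken = <?php echo json_encode($_['requesttoken'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;`, and likewise for `oc_requestlifespan`. If the lifespan is assigned as an integer it would then reach the script as a number rather than a quoted string, so check the consuming JavaScript. The identical pair of lines in the layout.guest.php hunk needs the same change.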
diff --git a/core/templates/layout.guest.php b/core/templates/layout.guest.php
index 0d2e71c180f..6f59e18a8e1 100644
--- a/core/templates/layout.guest.php
+++ b/core/templates/layout.guest.php
@@ -10,6 +10,8 @@
<script type="text/javascript">
var oc_webroot = '<?php echo OC::$WEBROOT; ?>';
var oc_appswebroots = <?php echo $_['apps_paths'] ?>;
+ var oc_requesttoken = '<?php echo $_['requesttoken']; ?>';
+ var oc_requestlifespan = '<?php echo $_['requestlifespan']; ?>';
</script>
<?php foreach($_['jsfiles'] as $jsfile): ?>
<script type="text/javascript" src="<?php echo $jsfile; ?>"></script>
diff --git a/core/templates/login.php b/core/templates/login.php
index 2c9b766aa4d..0768b664c6f 100644
--- a/core/templates/login.php
+++ b/core/templates/login.php
@@ -1,10 +1,21 @@
<!--[if IE 8]><style>input[type="checkbox"]{padding:0;}</style><![endif]-->
-<form action="index.php" method="post">
+<form method="post">
<fieldset>
<?php if(!empty($_['redirect'])) { echo '<input type="hidden" name="redirect_url" value="'.$_['redirect'].'" />'; } ?>
- <?php if($_['display_lostpassword']): ?>
- <a href="./core/lostpassword/"><?php echo $l->t('Lost your password?'); ?></a>
+ <ul>
+ <?php if(isset($_['invalidcookie']) && ($_['invalidcookie'])): ?>
+ <li class="errors">
+ <?php echo $l->t('Automatic logon rejected!'); ?><br>
+ <small><?php echo $l->t('If you did not change your password recently, your account may be compromised!'); ?></small><br>
+ <small><?php echo $l->t('Please change your password to secure your account again.'); ?></small>
+ </li>
<?php endif; ?>
+ <?php if(isset($_['invalidpassword']) && ($_['invalidpassword'])): ?>
+ <a href="./core/lostpassword/"><li class="errors">
+ <?php echo $l->t('Lost your password?'); ?>
+ </li></a>
+ <?php endif; ?>
+ </ul>
<p class="infield">
<label for="user" class="infield"><?php echo $l->t( 'Username' ); ?></label>
<input type="text" name="user" id="user" value="<?php echo $_['username']; ?>"<?php echo $_['user_autofocus']?' autofocus':''; ?> autocomplete="on" required />
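Review bot: In the added `invalidpassword` branch the anchor wraps the list item (`<a href="./core/lostpassword/"><li class="errors">`), which puts an `<a>` directly inside the `<ul>`. That is invalid HTML and browsers may re-parent it unpredictably. Swap the nesting to `<li class="errors"><a href="./core/lostpassword/">…</a></li>`. Separately, the unchanged `redirect_url` line just above concatenates `$_['redirect']` into an attribute value, and the `user` input echoes `$_['username']`, both with no escaping visible here. Unless the template layer sanitizes assigned values, both should go through `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')`.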
@@ -12,7 +23,6 @@
<p class="infield">
<label for="password" class="infield"><?php echo $l->t( 'Password' ); ?></label>
<input type="password" name="password" id="password" value="" required<?php echo $_['user_autofocus']?'':' autofocus'; ?> />
- <input type="hidden" name="sectoken" id="sectoken" value="<?php echo($_['sectoken']); ?>" />
</p>
<input type="checkbox" name="remember_login" value="1" id="remember_login" /><label for="remember_login"><?php echo $l->t('remember'); ?></label>
<input type="submit" id="submit" class="login" value="<?php echo $l->t( 'Log in' ); ?>" />
diff --git a/core/templates/verify.php b/core/templates/verify.php
new file mode 100644
index 00000000000..600eaca05b7
--- /dev/null
+++ b/core/templates/verify.php
@@ -0,0 +1,18 @@
+<form method="post">
+ <fieldset>
+ <ul>
+ <li class="errors">
+ <?php echo $l->t('Security Warning!'); ?><br>
+ <small><?php echo $l->t("Please verify your password. <br/>For security reasons you may be occasionally asked to enter your password again."); ?></small>
+ </li>
+ </ul>
+ <p class="infield">
+ <input type="text" value="<?php echo $_['username']; ?>" disabled="disabled" />
+ </p>
+ <p class="infield">
+ <label for="password" class="infield"><?php echo $l->t( 'Password' ); ?></label>
+ <input type="password" name="password" id="password" value="" required />
+ </p>
+ <input type="submit" id="submit" class="login" value="<?php echo $l->t( 'Verify' ); ?>" />
+ </fieldset>
+</form>
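Review bot: The new template echoes `$_['username']` into the `value` attribute of the disabled text input with no escaping visible. Unless the template layer sanitizes values on assignment, a username containing `"` or `<` would break out of the attribute, so use `<?php echo htmlspecialchars($_['username'], ENT_QUOTES, 'UTF-8'); ?>`. The form also posts the password with no hidden request-token field. The layouts in this commit expose `oc_requesttoken` only as a JavaScript variable, so it is worth confirming that the handler for this POST does not rely on a token that a plain form submit never sends. A short header comment stating when this page is shown and which controller assigns `username` would help the next reader.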