public static function resetPassword($args) { if (self::checkToken($args['user'], $args['token'])) { if (isset($_POST['password'])) { if (OC_User::setPassword($args['user'], $_POST['password'])) { OC_Preferences::deleteKey($args['user'], 'owncloud', 'lostpassword'); OC_User::unsetMagicInCookie(); self::displayResetPasswordPage(true, $args); } else { self::displayResetPasswordPage(false, $args); } } else { self::reset($args); } } else { // Someone lost their password self::displayLostPasswordPage(false, false); } }
if (defined("DEBUG") && DEBUG) { OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG); } $token = md5($_POST["user"] . time() . $_POST['password']); OC_Preferences::setValue($_POST['user'], 'login', 'token', $token); OC_User::setMagicInCookie($_POST["user"], $token); } else { OC_User::unsetMagicInCookie(); } OC_Util::redirectToDefaultPage(); } else { $error = true; } // The user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP } elseif (isset($_SERVER["PHP_AUTH_USER"]) && isset($_SERVER["PHP_AUTH_PW"])) { if (OC_User::login($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])) { //OC_Log::write('core',"Logged in with HTTP Authentication",OC_Log::DEBUG); OC_User::unsetMagicInCookie(); $_REQUEST['redirect_url'] = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : ''; OC_Util::redirectToDefaultPage(); } else { $error = true; } } if (!array_key_exists('sectoken', $_SESSION) || array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE) || substr(OC::$REQUESTEDFILE, -3) == 'php') { $sectoken = rand(1000000, 9999999); $_SESSION['sectoken'] = $sectoken; $redirect_url = isset($_REQUEST['redirect_url']) ? OC_Util::sanitizeHTML($_REQUEST['redirect_url']) : $_SERVER['REQUEST_URI']; OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => $redirect_url)); } }
/** * Tries to login a user using the form based authentication * @return bool|void */ protected static function tryFormLogin() { if (!isset($_POST["user"]) || !isset($_POST['password'])) { return false; } if (!OC_Util::isCallRegistered()) { return false; } OC_App::loadApps(); //setup extra user backends OC_User::setupBackends(); if (OC_User::login((string) $_POST["user"], (string) $_POST["password"])) { $userId = OC_User::getUser(); // setting up the time zone if (isset($_POST['timezone-offset'])) { self::$server->getSession()->set('timezone', (string) $_POST['timezone-offset']); self::$server->getConfig()->setUserValue($userId, 'core', 'timezone', (string) $_POST['timezone']); } self::cleanupLoginTokens($userId); if (!empty($_POST["remember_login"])) { $config = self::$server->getConfig(); if ($config->getSystemValue('debug', false)) { self::$server->getLogger()->debug('Setting remember login to cookie', array('app' => 'core')); } $token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(32); $config->setUserValue($userId, 'login_token', $token, time()); OC_User::setMagicInCookie($userId, $token); } else { OC_User::unsetMagicInCookie(); } OC_Util::redirectToDefaultPage(); exit; } return true; }
/** * @brief Logs the current user out and kills all the session data * * Logout, destroys session */ public static function logout() { OC_Hook::emit("OC_User", "logout", array()); session_unset(); session_destroy(); OC_User::unsetMagicInCookie(); }
protected static function tryBasicAuthLogin() { if (!isset($_SERVER["PHP_AUTH_USER"]) || !isset($_SERVER["PHP_AUTH_PW"])) { return false; } OC_App::loadApps(array('authentication')); if (OC_User::login($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])) { //OC_Log::write('core',"Logged in with HTTP Authentication", OC_Log::DEBUG); OC_User::unsetMagicInCookie(); $_REQUEST['redirect_url'] = OC_Request::requestUri(); OC_Util::redirectToDefaultPage(); } return true; }
/** * @PublicPage * @param string $token * @param string $userId * @param string $password * @param boolean $proceed * @return array */ public function setPassword($token, $userId, $password, $proceed) { if ($this->isDataEncrypted && !$proceed) { return $this->error('', array('encryption' => true)); } try { $user = $this->userManager->get($userId); if (!StringUtils::equals($this->config->getUserValue($userId, 'owncloud', 'lostpassword', null), $token)) { throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid')); } if (!$user->setPassword($password)) { throw new \Exception(); } \OC_Hook::emit('\\OC\\Core\\LostPassword\\Controller\\LostController', 'post_passwordReset', array('uid' => $userId, 'password' => $password)); $this->config->deleteUserValue($userId, 'owncloud', 'lostpassword'); @\OC_User::unsetMagicInCookie(); } catch (\Exception $e) { return $this->error($e->getMessage()); } return $this->success(); }
/** * Try to login a user using HTTP authentication. * @return bool */ protected static function tryBasicAuthLogin() { if (!isset($_SERVER["PHP_AUTH_USER"]) || !isset($_SERVER["PHP_AUTH_PW"]) || isset($_COOKIE['oc_ignore_php_auth_user']) && $_COOKIE['oc_ignore_php_auth_user'] === $_SERVER['PHP_AUTH_USER']) { return false; } if (OC_User::login($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])) { OC_User::unsetMagicInCookie(); $_SERVER['HTTP_REQUESTTOKEN'] = OC_Util::callRegister(); } return true; }
/** * Tries to login a user using the formbased authentication * @return bool|void */ protected static function tryFormLogin() { if (!isset($_POST["user"]) || !isset($_POST['password'])) { return false; } if(!OC_Util::isCallRegistered()) { return false; } OC_App::loadApps(); //setup extra user backends OC_User::setupBackends(); if (OC_User::login($_POST["user"], $_POST["password"])) { // setting up the time zone if (isset($_POST['timezone-offset'])) { self::$session->set('timezone', $_POST['timezone-offset']); } $userid = OC_User::getUser(); self::cleanupLoginTokens($userid); if (!empty($_POST["remember_login"])) { if (defined("DEBUG") && DEBUG) { OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG); } $token = OC_Util::generateRandomBytes(32); OC_Preferences::setValue($userid, 'login_token', $token, time()); OC_User::setMagicInCookie($userid, $token); } else { OC_User::unsetMagicInCookie(); } OC_Util::redirectToDefaultPage(); exit(); } return true; }
protected static function tryBasicAuthLogin() { if (!isset($_SERVER["PHP_AUTH_USER"]) || !isset($_SERVER["PHP_AUTH_PW"])) { return false; } OC_App::loadApps(array('authentication')); if (OC_User::login($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])) { //OC_Log::write('core',"Logged in with HTTP Authentication", OC_Log::DEBUG); OC_User::unsetMagicInCookie(); $_SERVER['HTTP_REQUESTTOKEN'] = OC_Util::callRegister(); } return true; }
/** * @PublicPage * @param string $token * @param string $userId * @param string $password * @param boolean $proceed * @return array */ public function setPassword($token, $userId, $password, $proceed) { if ($this->isDataEncrypted && !$proceed) { return $this->error('', array('encryption' => true)); } try { $this->checkPasswordResetToken($token, $userId); $user = $this->userManager->get($userId); if (!$user->setPassword($password)) { throw new \Exception(); } \OC_Hook::emit('\\OC\\Core\\LostPassword\\Controller\\LostController', 'post_passwordReset', array('uid' => $userId, 'password' => $password)); $this->config->deleteUserValue($userId, 'owncloud', 'lostpassword'); @\OC_User::unsetMagicInCookie(); } catch (\Exception $e) { return $this->error($e->getMessage()); } return $this->success(); }
/** * Try to login a user using HTTP authentication. * @return bool */ protected static function tryBasicAuthLogin() { if (!isset($_SERVER["PHP_AUTH_USER"]) || !isset($_SERVER["PHP_AUTH_PW"]) || (isset($_COOKIE['oc_ignore_php_auth_user']) && $_COOKIE['oc_ignore_php_auth_user'] === $_SERVER['PHP_AUTH_USER']) ) { return false; } if (OC_User::login($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])) { //OC_Log::write('core',"Logged in with HTTP Authentication", OC_Log::DEBUG); OC_User::unsetMagicInCookie(); $_SERVER['HTTP_REQUESTTOKEN'] = OC_Util::callRegister(); } return true; }