/**
 * OCS handler: delete one private-data entry belonging to the current user.
 *
 * The target user is taken from OC_User::getUser(), never from $parameters,
 * so a request cannot name another account here.
 *
 * NOTE(review): strip_tags()/addslashes() only rewrite the lookup values; they
 * are not an injection defence. Whether this call is SQL-safe depends on
 * OC_Preferences::deleteKey() binding its arguments - verify there.
 * NOTE(review): when deleteKey() reports failure this method returns null
 * rather than an OC_OCS_Result - confirm the dispatcher copes with that.
 *
 * @param array $parameters request parameters; 'app' and 'key' are read
 * @return OC_OCS_Result|null status 101 if 'app' or 'key' is empty after
 *         filtering, status 100 after a successful delete, null otherwise
 */
public static function delete($parameters) {
    // The login check runs before any request parameter is read.
    OC_Util::checkLoggedIn();
    $user = OC_User::getUser();

    $app = addslashes(strip_tags($parameters['app']));
    $key = addslashes(strip_tags($parameters['key']));

    $argumentMissing = ($key === "" || $app === "");
    if ($argumentMissing) {
        //key and app are NOT optional here
        return new OC_OCS_Result(null, 101);
    }

    $deleted = OC_Preferences::deleteKey($user, $app, $key);
    if (!$deleted) {
        // Same outcome as the original fall-through: no result object.
        return null;
    }

    return new OC_OCS_Result(null, 100);
}
/**
 * Handle a password-reset request identified by a user name and a reset token.
 *
 * Flow, in order:
 *  - token rejected by self::checkToken()  -> show the "lost password" page
 *  - token accepted, no password posted    -> self::reset($args)
 *  - token accepted, password posted       -> try to set it and show the result
 *
 * The 'lostpassword' preference is deleted only after the password was changed,
 * so the token cannot be replayed once it has been used successfully. The
 * remember-login cookie of the current browser is cleared at the same time.
 *
 * NOTE(review): $_POST['password'] is handed to OC_User::setPassword() as
 * received; any type or strength validation has to happen in that callee.
 *
 * @param array $args route arguments; 'user' and 'token' are read
 */
public static function resetPassword($args) {
    $tokenAccepted = self::checkToken($args['user'], $args['token']);
    if (!$tokenAccepted) {
        // Someone lost their password
        self::displayLostPasswordPage(false, false);
        return;
    }

    if (!isset($_POST['password'])) {
        self::reset($args);
        return;
    }

    $passwordChanged = OC_User::setPassword($args['user'], $_POST['password']);
    if (!$passwordChanged) {
        self::displayResetPasswordPage(false, $args);
        return;
    }

    // Consume the reset token, then drop this browser's remember-login cookie.
    OC_Preferences::deleteKey($args['user'], 'owncloud', 'lostpassword');
    OC_User::unsetMagicInCookie();
    self::displayResetPasswordPage(true, $args);
}
/**
 * Log a user in from the "remember login" cookie and rotate the token.
 *
 * A token is accepted only if it is one of the keys stored for $uid under the
 * 'login_token' app. An accepted token is deleted and replaced by a new one,
 * so each stored token is usable once.
 *
 * NOTE(review): the token is used as the preference key, i.e. it is stored
 * as-is; anyone able to read the preferences table can read valid tokens.
 * NOTE(review): in_array(..., true) compares with ===, which is not a
 * constant-time comparison.
 * NOTE(review): this method does not check the stored timestamp, so token
 * expiry has to be enforced elsewhere - confirm against the caller.
 * NOTE(review): confirm \OC_Util::generateRandomBytes() draws from a
 * cryptographically secure source.
 *
 * @param string $uid the username
 * @param string $currentToken token presented by the client
 * @return bool true if the token matched and the user was logged in
 */
public function loginWithCookie($uid, $currentToken) {
    $this->manager->emit('\\OC\\User', 'preRememberedLogin', array($uid));

    $user = $this->manager->get($uid);
    if ($user === null) {
        // user does not exist
        return false;
    }

    // test cookies token against stored tokens
    $storedTokens = \OC_Preferences::getKeys($uid, 'login_token');
    $tokenIsKnown = in_array($currentToken, $storedTokens, true);
    if (!$tokenIsKnown) {
        return false;
    }

    // replace successfully used token with a new one
    \OC_Preferences::deleteKey($uid, 'login_token', $currentToken);
    $replacementToken = \OC_Util::generateRandomBytes(32);
    \OC_Preferences::setValue($uid, 'login_token', $replacementToken, time());
    $this->setMagicInCookie($user->getUID(), $replacementToken);

    //login
    $this->setUser($user);
    $this->manager->emit('\\OC\\User', 'postRememberedLogin', array($user));

    return true;
}
/**
 * Try to log the visitor in from the "remember login" cookies.
 *
 * oc_remember_login, oc_token and oc_username are all read from $_COOKIE and
 * are therefore client-supplied. The user name is trusted only after
 * OC_User::userExists() accepts it, and the token only if it is one of the
 * keys stored for that user under 'login_token'. A matching token is deleted
 * and replaced before the redirect, so each stored token is usable once.
 *
 * NOTE(review): in_array(..., true) compares with ===, which is not a
 * constant-time comparison.
 * NOTE(review): the token is used as the preference key, i.e. stored as-is.
 * NOTE(review): the rejection log line embeds the cookie-supplied user name;
 * it has passed userExists() at that point, but confirm the log writer
 * neutralises control characters.
 *
 * @return bool false when the remember-login cookies are missing or the flag
 *              is falsy; true after an attempt that did not end in a redirect
 */
protected static function tryRememberLogin() {
    $cookiesPresent = isset(
        $_COOKIE["oc_remember_login"],
        $_COOKIE["oc_token"],
        $_COOKIE["oc_username"]
    );
    if (!$cookiesPresent || !$_COOKIE["oc_remember_login"]) {
        return false;
    }

    OC_App::loadApps(array('authentication'));
    if (defined("DEBUG") && DEBUG) {
        OC_Log::write('core', 'Trying to login from cookie', OC_Log::DEBUG);
    }

    // confirm credentials in cookie
    if (!isset($_COOKIE['oc_token']) || !OC_User::userExists($_COOKIE['oc_username'])) {
        OC_User::unsetMagicInCookie();
        return true;
    }

    // delete outdated cookies
    self::cleanupLoginTokens($_COOKIE['oc_username']);

    // test cookies token against stored tokens
    $storedTokens = OC_Preferences::getKeys($_COOKIE['oc_username'], 'login_token');
    $tokenIsKnown = in_array($_COOKIE['oc_token'], $storedTokens, true);
    if ($tokenIsKnown) {
        // replace successfully used token with a new one
        OC_Preferences::deleteKey($_COOKIE['oc_username'], 'login_token', $_COOKIE['oc_token']);
        $replacementToken = OC_Util::generate_random_bytes(32);
        OC_Preferences::setValue($_COOKIE['oc_username'], 'login_token', $replacementToken, time());
        OC_User::setMagicInCookie($_COOKIE['oc_username'], $replacementToken);

        // login
        OC_User::setUserId($_COOKIE['oc_username']);
        OC_Util::redirectToDefaultPage();
        // doesn't return
    }

    // if you reach this point you have changed your password
    // or you are an attacker
    // we can not delete tokens here because users may reach
    // this point multiple times after a password change
    OC_Log::write(
        'core',
        'Authentication cookie rejected for user ' . $_COOKIE['oc_username'],
        OC_Log::WARN
    );

    OC_User::unsetMagicInCookie();
    return true;
}
/**
 * deleteKey() must report success and leave no matching row in the
 * preferences table for the (user, app, key) triple it was given.
 */
public function testDeleteKey() {
    $deleted = \OC_Preferences::deleteKey('Deleteuser', 'deleteapp', 'deletekey');
    $this->assertTrue($deleted);

    // Look the row up directly in the table rather than through OC_Preferences,
    // so the check does not depend on the class under test.
    $sql = 'SELECT `configvalue` FROM `*PREFIX*preferences` WHERE `userid` = ? AND `appid` = ? AND `configkey` = ?';
    $remainingRows = \OC_DB::prepare($sql)
        ->execute(array('Deleteuser', 'deleteapp', 'deletekey'))
        ->fetchAll();

    $this->assertEquals(0, count($remainingRows));
}
/**
 * Delete a user's remember-login tokens that are older than the configured
 * lifetime.
 *
 * The lifetime is read from 'remember_login_cookie_lifetime' and falls back to
 * 60 * 60 * 24 * 15 seconds. Each token's stored value is compared with the
 * cutoff as a timestamp; tokens whose value is below the cutoff are removed.
 *
 * NOTE(review): one getValue() call is made per stored token.
 *
 * @param string $user user whose 'login_token' entries are pruned
 */
protected static function cleanupLoginTokens($user) {
    $now = time();
    $lifetime = OC_Config::getValue('remember_login_cookie_lifetime', 60 * 60 * 24 * 15);
    $cutoff = $now - $lifetime;

    foreach (OC_Preferences::getKeys($user, 'login_token') as $storedToken) {
        $issuedAt = OC_Preferences::getValue($user, 'login_token', $storedToken);
        if ($issuedAt < $cutoff) {
            OC_Preferences::deleteKey($user, 'login_token', $storedToken);
        }
    }
}
<?php
/**
 * Copyright (c) 2010 Frank Karlitschek karlitschek@kde.org
 * This file is licensed under the Affero General Public License version 3 or
 * later.
 * See the COPYING-README file.
 */

// Guest page for the password-reset link. The request is treated as a reset
// only when both 'token' and 'user' are present in the query string and the
// token is strictly equal (===) to the 'lostpassword' preference stored for
// that user. The stored token is deleted only after the password was changed.
//
// NOTE(review): confirm OC_Preferences::getValue() returns a non-string (for
// example null) when no reset token is stored, so that an empty 'token'
// parameter can never compare equal to a missing value.
// NOTE(review): === is not a constant-time comparison, and no token expiry is
// checked in this script.
// NOTE(review): $_GET['user'] and $_POST['password'] are passed on unfiltered;
// validation has to happen in the callees.

$RUNTIME_NOAPPS = TRUE; //no apps
require_once '../../lib/base.php';

if (!(isset($_GET['token'], $_GET['user'])
    && OC_Preferences::getValue($_GET['user'], 'owncloud', 'lostpassword') === $_GET['token'])
) {
    // Someone lost their password
    OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => false, 'requested' => false));
} elseif (isset($_POST['password']) && OC_User::setPassword($_GET['user'], $_POST['password'])) {
    // Someone wants to reset their password, and the change succeeded:
    // consume the token so the link cannot be used again.
    OC_Preferences::deleteKey($_GET['user'], 'owncloud', 'lostpassword');
    OC_Template::printGuestPage('core/lostpassword', 'resetpassword', array('success' => true));
} else {
    // Valid link, but no password was posted or the change failed.
    OC_Template::printGuestPage('core/lostpassword', 'resetpassword', array('success' => false));
}
/**
 * Delete the private data entry stored for $user under $app / $key.
 *
 * Thin wrapper around OC_Preferences::deleteKey(). No access check is made
 * here: the caller decides which user's data is removed, so $user must come
 * from the authenticated session and not from request input.
 *
 * @param string $user
 * @param string $app
 * @param string $key
 * @return mixed whatever OC_Preferences::deleteKey() returns; the value is
 *         passed through unchanged (presumably a success flag, not xml/json)
 */
public static function deleteData($user, $app, $key) {
    $outcome = OC_Preferences::deleteKey($user, $app, $key);

    return $outcome;
}
/**
 * Delete the stored 'contacts' preference entry of one address book for the
 * user held in $this->userid.
 *
 * The preference key is 'prefs_' followed by $this->combinedKey($addressbookid).
 *
 * @param mixed $addressbookid address book identifier, passed to combinedKey()
 */
public function removePreferences($addressbookid) {
    $preferenceKey = 'prefs_' . $this->combinedKey($addressbookid);

    \OC_Preferences::deleteKey($this->userid, 'contacts', $preferenceKey);
}
/**
 * Delete one stored per-user value.
 *
 * Delegates directly to \OC_Preferences::deleteKey(); its result is discarded.
 * No access check is made here, so callers are responsible for passing a
 * $userId they are allowed to modify.
 *
 * @param string $userId the user the value is stored for
 * @param string $appName the app the value is stored under
 * @param string $key the key of the value to delete
 */
public function deleteUserValue($userId, $appName, $key) {
    \OC_Preferences::deleteKey($userId, $appName, $key);
}
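/**
 * @PublicPage
 *
 * Set a new password for $userId when the supplied reset token is valid.
 *
 * NOTE(review): the annotation above presumably makes this action reachable
 * without a login - confirm against the framework. If so, the reset token is
 * the only gate in front of the password change.
 *
 * On success the 'lostpassword' preference is deleted, so the token cannot be
 * reused, and the remember-login cookie of the current session is cleared.
 *
 * NOTE(review): every caught exception message is returned to the client,
 * including messages raised by the user manager or the password backend;
 * consider returning a fixed message for anything but the token error.
 *
 * @param string $token reset token presented by the client
 * @param string $userId user whose password is to be changed
 * @param string $password the new password
 * @return mixed result of $this->success() or $this->error()
 */
public function setPassword($token, $userId, $password) {
    try {
        $user = $this->userManager->get($userId);

        if (!$this->checkToken($userId, $token)) {
            throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
        }

        // The lookup result is dereferenced here. Treat a missing user as a
        // failed password change instead of calling a method on null, which
        // the catch block below would not handle.
        if ($user === null || !$user->setPassword($password)) {
            throw new \Exception();
        }

        // FIXME: should be added to the all config at some point
        \OC_Preferences::deleteKey($userId, 'owncloud', 'lostpassword');
        $this->userSession->unsetMagicInCookie();

    } catch (\Exception $e) {
        return $this->error($e->getMessage());
    }

    return $this->success();
}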