make remember login token also dependent on password to protect against some brute...
authorRobin Appelman <icewind1991@gmail.com>
Wed, 14 Dec 2011 12:26:34 +0000 (13:26 +0100)
committerRobin Appelman <icewind1991@gmail.com>
Wed, 14 Dec 2011 12:26:34 +0000 (13:26 +0100)
index.php

index 558733e1cda790fbd564633bf913202df424202c..2d759d68d7dcc30d95ceac6aff3d0b2f55535c66 100644 (file)
--- a/index.php
+++ b/index.php
@@ -88,7 +88,7 @@ else {
                                if(defined("DEBUG") && DEBUG) {
                                        OC_Log::write('core','Setting remember login to cookie',OC_Log::DEBUG);
                                }
-                               $token = md5($_POST["user"].time());
+                               $token = md5($_POST["user"].time().$_POST['password']);
                                OC_Preferences::setValue($_POST['user'], 'login', 'token', $token);
                                OC_User::setMagicInCookie($_POST["user"], $token);
                        }
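Review bot: The token on the added line is still an unsalted MD5 over values an attacker can know or guess (user name, login time) plus the password. Because it is stored via `OC_Preferences::setValue` and sent in the cookie, a leaked token lets password guesses be checked offline. A remember-login token should be unpredictable and independent of the password, for example `$token = bin2hex(openssl_random_pseudo_bytes(32));` (or `random_bytes` where the runtime provides it), ideally storing only a hash of it server-side and comparing in constant time. Invalidating stored tokens on password change is not visible in this hunk and is worth confirming. The enclosing `if`/`else` block begins and ends outside the hunk.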