diff options
| author | Michael Göhler <somebody.here@gmx.de> | 2012-10-13 16:02:45 +0200 |
|---|---|---|
| committer | Michael Göhler <somebody.here@gmx.de> | 2012-10-14 22:36:26 +0200 |
| commit | b92fd984aa7f9281144b410ff703ca1796c10d41 (patch) | |
| tree | e80be8dc4962d81182913253fe0300d7ba94bbaa | |
| parent | a6c4046f48752b957d591a9c9574caf6f18e6d40 (diff) | |
| download | nextcloud-server-b92fd984aa7f9281144b410ff703ca1796c10d41.tar.gz nextcloud-server-b92fd984aa7f9281144b410ff703ca1796c10d41.zip | |
removed username and password from token generation
| -rw-r--r-- | lib/base.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/base.php b/lib/base.php index bf2c2199ff5..ebeec22088a 100644 --- a/lib/base.php +++ b/lib/base.php @@ -544,7 +544,7 @@ class OC{ if (in_array($_COOKIE['oc_token'], $tokens, true)) { // replace successfully used token with a new one OC_Preferences::deleteKey($_COOKIE['oc_username'], 'login_token', $_COOKIE['oc_token']); - $token = md5($_COOKIE['oc_username'].OC_Util::generate_random_bytes(10).$_COOKIE['oc_token']); + $token = OC_Util::generate_random_bytes(128); OC_Preferences::setValue($_COOKIE['oc_username'], 'login_token', $token, time()); OC_User::setMagicInCookie($_COOKIE['oc_username'], $token); // login @@ -578,7 +578,7 @@ class OC{ if(defined("DEBUG") && DEBUG) { OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG); } - $token = md5($_POST["user"].OC_Util::generate_random_bytes(10).$_POST['password']); + $token = OC_Util::generate_random_bytes(128); OC_Preferences::setValue($_POST['user'], 'login_token', $token, time()); OC_User::setMagicInCookie($_POST["user"], $token); } |