author | Michael Göhler <somebody.here@gmx.de> | 2012-10-11 10:50:17 +0200 |
---|---|---|
committer | Michael Göhler <somebody.here@gmx.de> | 2012-10-14 22:36:25 +0200 |
commit | ee5d0f328fcaaabee00f3a3fda22c49f6ab84f58 (patch) | |
tree | 0c46d9814387a4186022cd3d701c27c333fa10d5 /lib | |
parent | 4b799a69824f9f4a2ddb7df382b305b304b7d754 (diff) | |
download | nextcloud-server-ee5d0f328fcaaabee00f3a3fda22c49f6ab84f58.tar.gz nextcloud-server-ee5d0f328fcaaabee00f3a3fda22c49f6ab84f58.zip |
improve token security
switched from time() to internal method OC_Util::generate_random_bytes()
Diffstat (limited to 'lib')
-rw-r--r-- | lib/base.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/base.php b/lib/base.php
index be93cb40e7c..4dd69f3cc3e 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -566,7 +566,7 @@ class OC{
 if(defined("DEBUG") && DEBUG) {
 OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG);
 }
- $token = md5($_POST["user"].time().$_POST['password']);
+ $token = md5($_POST["user"].OC_Util::generate_random_bytes(10).$_POST['password']);
 OC_Preferences::setValue($_POST['user'], 'login_token', $token, time());
 OC_User::setMagicInCookie($_POST["user"], $token);
 } |
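Review bot: The new `$token = md5(...)` line still hashes `$_POST['password']` together with the username and only a length-10 value from `OC_Util::generate_random_bytes()`, so the remember-login cookie remains a password-derived MD5 digest whose unpredictability rests entirely on that short random part. The username and password add nothing once a random value is present, and keeping them means a leaked cookie or stored `login_token` could be used to check password guesses offline if the random part turns out to be predictable. I would drop both inputs and use a longer random value directly, e.g. `$token = OC_Util::generate_random_bytes(32);`, assuming that helper (not visible here) returns a cookie-safe string from a cryptographically secure source. The enclosing block starts and ends outside the hunk, so how `login_token` is later compared and expired cannot be judged from here.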