summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--index.php26
-rw-r--r--lib/user.php32
2 files changed, 29 insertions, 29 deletions
diff --git a/index.php b/index.php
index 3c8a0e3bed6..5255e8fadbe 100644
--- a/index.php
+++ b/index.php
@@ -59,26 +59,18 @@ elseif(OC_User::isLoggedIn()) {
}
}
-// Semeone set remember login when login
+// remember was checked after last login
elseif(isset($_COOKIE["oc_remember_login"]) && $_COOKIE["oc_remember_login"]) {
OC_App::loadApps();
error_log("Trying to login from cookie");
- if(OC_User::login($_COOKIE["oc_username"], $_COOKIE["oc_password"])) {
+ // confirm credentials in cookie
+ if(OC_User::userExists($_COOKIE['oc_username']) &&
+ OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") == $_COOKIE['oc_token']) {
+ OC_User::setUserId($_COOKIE['oc_username']);
header("Location: ". $WEBROOT.'/'.OC_Appconfig::getValue("core", "defaultpage", "files/index.php"));
- if(!empty($_POST["remember_login"])){
- OC_User::setUsernameInCookie($_POST["user"], $_POST["password"]);
- }
- else {
- OC_User::unsetUsernameInCookie();
- }
- exit();
}
else {
- if(isset($_COOKIE["username"])){
- OC_Template::printGuestPage("", "login", array("error" => true, "username" => $_COOKIE["username"]));
- }else{
- OC_Template::printGuestPage("", "login", array("error" => true));
- }
+ OC_Template::printGuestPage("", "login", array("error" => true));
}
}
@@ -89,10 +81,12 @@ elseif(isset($_POST["user"]) && isset($_POST['password'])) {
header("Location: ".$WEBROOT.'/'.OC_Appconfig::getValue("core", "defaultpage", "files/index.php"));
if(!empty($_POST["remember_login"])){
error_log("Setting remember login to cookie");
- OC_User::setUsernameInCookie($_POST["user"], $_POST["password"]);
+ $token = md5($_POST["user"].time());
+ OC_Preferences::setValue($_POST['user'], 'login', 'token', $token);
+ OC_User::setMagicInCookie($_POST["user"], $token);
}
else {
- OC_User::unsetUsernameInCookie();
+ OC_User::unsetMagicInCookie();
}
exit();
}
diff --git a/lib/user.php b/lib/user.php
index 72dfd7970bb..3e73b2f1008 100644
--- a/lib/user.php
+++ b/lib/user.php
@@ -194,16 +194,22 @@ class OC_User {
if( $run ){
$uid=self::checkPassword( $uid, $password );
if($uid){
- $_SESSION['user_id'] = $uid;
OC_Crypt::init($uid,$password);
- OC_Hook::emit( "OC_User", "post_login", array( "uid" => $uid ));
- return true;
- }else{
- return false;
+ return self::setUserId($uid);
}
- }else{
- return false;
}
+ return false;
+ }
+
+ /**
+ * @brief Sets user id for session and triggers emit
+ * @returns true
+ *
+ */
+ public static function setUserId($uid) {
+ $_SESSION['user_id'] = $uid;
+ OC_Hook::emit( "OC_User", "post_login", array( "uid" => $uid ));
+ return true;
}
/**
@@ -215,7 +221,7 @@ class OC_User {
public static function logout(){
OC_Hook::emit( "OC_User", "logout", array());
$_SESSION['user_id'] = false;
- OC_User::unsetUsernameInCookie();
+ OC_User::unsetMagicInCookie();
return true;
}
@@ -341,21 +347,21 @@ class OC_User {
* @brief Set cookie value to use in next page load
* @param string $username username to be set
*/
- public static function setUsernameInCookie($username, $password){
+ public static function setMagicInCookie($username, $token){
setcookie("oc_username", $username, time()+60*60*24*15);
- setcookie("oc_password", $password, time()+60*60*24*15);
+ setcookie("oc_token", $token, time()+60*60*24*15);
setcookie("oc_remember_login", true, time()+60*60*24*15);
}
/**
* @brief Remove cookie for "remember username"
*/
- public static function unsetUsernameInCookie(){
+ public static function unsetMagicInCookie(){
unset($_COOKIE["oc_username"]);
- unset($_COOKIE["oc_password"]);
+ unset($_COOKIE["oc_token"]);
unset($_COOKIE["oc_remember_login"]);
setcookie("oc_username", NULL, -1);
- setcookie("oc_password", NULL, -1);
+ setcookie("oc_token", NULL, -1);
setcookie("oc_remember_login", NULL, -1);
}
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-20 12:01:53 +0000