improve token security

switched from time() to internal method OC_Util::generate_random_bytes()
2012-10-11 10:50:17 +02:00 · 2012-10-11 10:50:17 +02:00 · ee5d0f328f
commit ee5d0f328f
parent 4b799a6982
1 changed files with 1 additions and 1 deletions
--- a/lib/base.php
+++ b/lib/base.php
@ -566,7 +566,7 @@ class OC{
 				if(defined("DEBUG") && DEBUG) {
 					OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG);
 				}
-				$token = md5($_POST["user"].time().$_POST['password']);
+				$token = md5($_POST["user"].OC_Util::generate_random_bytes(10).$_POST['password']);
 				OC_Preferences::setValue($_POST['user'], 'login_token', $token, time());
 				OC_User::setMagicInCookie($_POST["user"], $token);
 			}