improve token security
switched from time() to internal method OC_Util::generate_random_bytes()
This commit is contained in:
Michael Göhler
parent
4b799a6982
commit
ee5d0f328f
1 changed files with 1 additions and 1 deletions
|
|
@ -566,7 +566,7 @@ class OC{
|
||||||
if(defined("DEBUG") && DEBUG) {
|
if(defined("DEBUG") && DEBUG) {
|
||||||
OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG);
|
OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG);
|
||||||
}
|
}
|
||||||
$token = md5($_POST["user"].time().$_POST['password']);
|
$token = md5($_POST["user"].OC_Util::generate_random_bytes(10).$_POST['password']);
|
||||||
OC_Preferences::setValue($_POST['user'], 'login_token', $token, time());
|
OC_Preferences::setValue($_POST['user'], 'login_token', $token, time());
|
||||||
OC_User::setMagicInCookie($_POST["user"], $token);
|
OC_User::setMagicInCookie($_POST["user"], $token);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue