make remember login token also dependent on password to protect against some brute force attacks on this token

author: Robin Appelman <icewind1991@gmail.com> 2011-12-14 16:26:34 +0400
committer: Robin Appelman <icewind1991@gmail.com> 2011-12-14 16:26:34 +0400
commit: a862fec9a329c449b808e8d888764cbc9cc0bc19 (patch)
tree: 9505961114a8515df84d63defac097a7dd64ba77 /index.php
parent: 5e711f37ca3f009317a3c8cd0e47ed4f15922142 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/index.php b/index.php
index 558733e1cda..2d759d68d7d 100644
--- a/index.php
+++ b/index.php
@@ -88,7 +88,7 @@ else {
 				if(defined("DEBUG") && DEBUG) {
 					OC_Log::write('core','Setting remember login to cookie',OC_Log::DEBUG);
 				}
-				$token = md5($_POST["user"].time());
+				$token = md5($_POST["user"].time().$_POST['password']);
 				OC_Preferences::setValue($_POST['user'], 'login', 'token', $token);
 				OC_User::setMagicInCookie($_POST["user"], $token);
 			}
author	Robin Appelman <icewind1991@gmail.com>	2011-12-14 16:26:34 +0400
committer	Robin Appelman <icewind1991@gmail.com>	2011-12-14 16:26:34 +0400
commit	a862fec9a329c449b808e8d888764cbc9cc0bc19 (patch)
tree	9505961114a8515df84d63defac097a7dd64ba77 /index.php
parent	5e711f37ca3f009317a3c8cd0e47ed4f15922142 (diff)