diff options
author | Robin Appelman <icewind1991@gmail.com> | 2011-12-14 16:26:34 +0400 |
---|---|---|
committer | Robin Appelman <icewind1991@gmail.com> | 2011-12-14 16:26:34 +0400 |
commit | a862fec9a329c449b808e8d888764cbc9cc0bc19 (patch) | |
tree | 9505961114a8515df84d63defac097a7dd64ba77 /index.php | |
parent | 5e711f37ca3f009317a3c8cd0e47ed4f15922142 (diff) |
make remember login token also dependent on password to protect against some brute force attacks on this token
Diffstat (limited to 'index.php')
-rw-r--r-- | index.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/index.php b/index.php index 558733e1cda..2d759d68d7d 100644 --- a/index.php +++ b/index.php @@ -88,7 +88,7 @@ else { if(defined("DEBUG") && DEBUG) { OC_Log::write('core','Setting remember login to cookie',OC_Log::DEBUG); } - $token = md5($_POST["user"].time()); + $token = md5($_POST["user"].time().$_POST['password']); OC_Preferences::setValue($_POST['user'], 'login', 'token', $token); OC_User::setMagicInCookie($_POST["user"], $token); } |