Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/nextcloud/server.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorMichael Göhler <somebody.here@gmx.de>2012-10-11 12:50:17 +0400
committerMichael Göhler <somebody.here@gmx.de>2012-10-15 00:36:25 +0400
commitee5d0f328fcaaabee00f3a3fda22c49f6ab84f58 (patch)
tree0c46d9814387a4186022cd3d701c27c333fa10d5 /lib
parent4b799a69824f9f4a2ddb7df382b305b304b7d754 (diff)
improve token security
switched from time() to internal method OC_Util::generate_random_bytes()
Diffstat (limited to 'lib')
-rw-r--r--lib/base.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/base.php b/lib/base.php
index be93cb40e7c..4dd69f3cc3e 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -566,7 +566,7 @@ class OC{
if(defined("DEBUG") && DEBUG) {
OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG);
}
- $token = md5($_POST["user"].time().$_POST['password']);
+ $token = md5($_POST["user"].OC_Util::generate_random_bytes(10).$_POST['password']);
OC_Preferences::setValue($_POST['user'], 'login_token', $token, time());
OC_User::setMagicInCookie($_POST["user"], $token);
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-26 09:32:16 +0300