make remember login token also dependent on password to protect against some brute force attacks on this token

2026-06-14 19:20:35 -04:00 · 2011-12-14 13:26:34 +01:00 · 2011-12-14 13:26:34 +01:00 · b216ba7120
commit b216ba7120
parent 88c0d82daa
1 changed files with 1 additions and 1 deletions
--- a/index.php
+++ b/index.php
@ -88,7 +88,7 @@ else {
 				if(defined("DEBUG") && DEBUG) {
 					error_log("Setting remember login to cookie");
 				}
-				$token = md5($_POST["user"].time());
+				$token = md5($_POST["user"].time().$_POST['password']);
 				OC_Preferences::setValue($_POST['user'], 'login', 'token', $token);
 				OC_User::setMagicInCookie($_POST["user"], $token);
 			}