From b216ba71200b4e0593e6afde1a060daf465e7856 Mon Sep 17 00:00:00 2001
From: Robin Appelman
Date: Wed, 14 Dec 2011 13:26:34 +0100
Subject: [PATCH] make remember login token also dependent on password to protect against some brute force attacks on this token
---
 index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/index.php b/index.php
index 4e1f5bcc8d6..6805e3a914d 100644
--- a/index.php
+++ b/index.php
@@ -88,7 +88,7 @@ else {
 if(defined("DEBUG") && DEBUG) {
 error_log("Setting remember login to cookie");
 }
- $token = md5($_POST["user"].time());
+ $token = md5($_POST["user"].time().$_POST['password']);
 OC_Preferences::setValue($_POST['user'], 'login', 'token', $token);
 OC_User::setMagicInCookie($_POST["user"], $token);
 }
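Review bot: The added `$token = md5($_POST["user"].time().$_POST['password']);` line makes the remember-login token a fast, unsalted hash of the user's password combined with two guessable values. The value stored through `OC_Preferences::setValue` and sent in the cookie therefore becomes a way to verify password guesses for anyone who obtains it. A remember-login token needs no relation to the credentials, so it is safer to draw it from the platform CSPRNG, for example `$token = bin2hex(random_bytes(32));` (or `openssl_random_pseudo_bytes` on PHP versions that lack `random_bytes`). That addresses the guessability this commit targets without exposing the password. The enclosing `else {` block starts outside the hunk, so the code that later compares the token is not visible here; it should use a constant-time comparison if it does not already.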