remember changed not to store password in cookie

13 years ago · 94696ea7de
parent 68e7666293
commit 94696ea7de
2 changed files with 29 additions and 29 deletions
--- a/index.php
+++ b/index.php
@ -59,26 +59,18 @@ elseif(OC_User::isLoggedIn()) {
 	}
 }

-// Semeone set remember login when login
+// remember was checked after last login
 elseif(isset($_COOKIE["oc_remember_login"]) && $_COOKIE["oc_remember_login"]) {
 	OC_App::loadApps();
 	error_log("Trying to login from cookie");
-	if(OC_User::login($_COOKIE["oc_username"], $_COOKIE["oc_password"])) {
+	// confirm credentials in cookie
+	if(OC_User::userExists($_COOKIE['oc_username']) &&
+	   OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") == $_COOKIE['oc_token']) {
+		OC_User::setUserId($_COOKIE['oc_username']);
 		header("Location: ". $WEBROOT.'/'.OC_Appconfig::getValue("core", "defaultpage", "files/index.php"));
-		if(!empty($_POST["remember_login"])){
-			OC_User::setUsernameInCookie($_POST["user"], $_POST["password"]);
-		}
-		else {
-			OC_User::unsetUsernameInCookie();
-		}
-		exit();
 	}
 	else {
-		if(isset($_COOKIE["username"])){
-			OC_Template::printGuestPage("", "login", array("error" => true, "username" => $_COOKIE["username"]));
-		}else{
-			OC_Template::printGuestPage("", "login", array("error" => true));
-		}
+		OC_Template::printGuestPage("", "login", array("error" => true));
 	}
 }

@ -89,10 +81,12 @@ elseif(isset($_POST["user"]) && isset($_POST['password'])) {
 		header("Location: ".$WEBROOT.'/'.OC_Appconfig::getValue("core", "defaultpage", "files/index.php"));
 		if(!empty($_POST["remember_login"])){
 			error_log("Setting remember login to cookie");
-			OC_User::setUsernameInCookie($_POST["user"], $_POST["password"]);
+			$token = md5($_POST["user"].time());
+			OC_Preferences::setValue($_POST['user'], 'login', 'token', $token);
+			OC_User::setMagicInCookie($_POST["user"], $token);
 		}
 		else {
-			OC_User::unsetUsernameInCookie();
+			OC_User::unsetMagicInCookie();
 		}
 		exit();
 	}
--- a/lib/user.php
+++ b/lib/user.php
@ -194,16 +194,22 @@ class OC_User {
 		if( $run ){
 			$uid=self::checkPassword( $uid, $password );
 			if($uid){
-				$_SESSION['user_id'] = $uid;
 				OC_Crypt::init($uid,$password);
-				OC_Hook::emit( "OC_User", "post_login", array( "uid" => $uid ));
-				return true;
-			}else{
-				return false;
+				return self::setUserId($uid);
 			}
-		}else{
-			return false;
 		}
+		return false;
+	}
+
+	/**
+	 * @brief Sets user id for session and triggers emit
+	 * @returns true
+	 *
+	 */
+	public static function setUserId($uid) {
+		$_SESSION['user_id'] = $uid;
+		OC_Hook::emit( "OC_User", "post_login", array( "uid" => $uid ));
+		return true;
 	}

 	/**
@ -215,7 +221,7 @@ class OC_User {
 	public static function logout(){
 		OC_Hook::emit( "OC_User", "logout", array());
 		$_SESSION['user_id'] = false;
-		OC_User::unsetUsernameInCookie();
+		OC_User::unsetMagicInCookie();
 		return true;
 	}

@ -341,21 +347,21 @@ class OC_User {
 	 * @brief Set cookie value to use in next page load
 	 * @param string $username username to be set
 	 */
-	public static function setUsernameInCookie($username, $password){
+	public static function setMagicInCookie($username, $token){
 		setcookie("oc_username", $username, time()+60*60*24*15);
-		setcookie("oc_password", $password, time()+60*60*24*15);
+		setcookie("oc_token", $token, time()+60*60*24*15);
 		setcookie("oc_remember_login", true, time()+60*60*24*15);
 	}

 	/**
 	 * @brief Remove cookie for "remember username"
 	 */
-	public static function unsetUsernameInCookie(){
+	public static function unsetMagicInCookie(){
 		unset($_COOKIE["oc_username"]);
-		unset($_COOKIE["oc_password"]);
+		unset($_COOKIE["oc_token"]);
 		unset($_COOKIE["oc_remember_login"]);
 		setcookie("oc_username", NULL, -1);
-		setcookie("oc_password", NULL, -1);
+		setcookie("oc_token", NULL, -1);
 		setcookie("oc_remember_login", NULL, -1);
 	}
 }