128byte is not 128bit - now we realy use 256bit (same as PHPSESSID)

This commit is contained in:
Michael Göhler 2012-10-15 20:00:33 +02:00
parent 22fa23b4da
commit 8be9c04a3a
3 changed files with 4 additions and 4 deletions

View File

@ -395,7 +395,7 @@
<type>text</type> <type>text</type>
<default></default> <default></default>
<notnull>true</notnull> <notnull>true</notnull>
<length>128</length> <length>64</length>
</field> </field>
<field> <field>

View File

@ -566,7 +566,7 @@ class OC{
if (in_array($_COOKIE['oc_token'], $tokens, true)) { if (in_array($_COOKIE['oc_token'], $tokens, true)) {
// replace successfully used token with a new one // replace successfully used token with a new one
OC_Preferences::deleteKey($_COOKIE['oc_username'], 'login_token', $_COOKIE['oc_token']); OC_Preferences::deleteKey($_COOKIE['oc_username'], 'login_token', $_COOKIE['oc_token']);
$token = OC_Util::generate_random_bytes(128); $token = OC_Util::generate_random_bytes(32);
OC_Preferences::setValue($_COOKIE['oc_username'], 'login_token', $token, time()); OC_Preferences::setValue($_COOKIE['oc_username'], 'login_token', $token, time());
OC_User::setMagicInCookie($_COOKIE['oc_username'], $token); OC_User::setMagicInCookie($_COOKIE['oc_username'], $token);
// login // login
@ -600,7 +600,7 @@ class OC{
if(defined("DEBUG") && DEBUG) { if(defined("DEBUG") && DEBUG) {
OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG); OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG);
} }
$token = OC_Util::generate_random_bytes(128); $token = OC_Util::generate_random_bytes(32);
OC_Preferences::setValue($_POST['user'], 'login_token', $token, time()); OC_Preferences::setValue($_POST['user'], 'login_token', $token, time());
OC_User::setMagicInCookie($_POST["user"], $token); OC_User::setMagicInCookie($_POST["user"], $token);
} }

View File

@ -83,7 +83,7 @@ class OC_Util {
*/ */
public static function getVersion() { public static function getVersion() {
// hint: We only can count up. So the internal version number of ownCloud 4.5 will be 4.90.0. This is not visible to the user // hint: We only can count up. So the internal version number of ownCloud 4.5 will be 4.90.0. This is not visible to the user
return array(4,91,01); return array(4,91,00);
} }
/** /**