remember changed not to store password in cookie

This commit is contained in:
Bartek Przybylski 2011-09-18 15:05:53 +02:00
parent 68e7666293
commit 94696ea7de
2 changed files with 29 additions and 29 deletions

View File

@ -59,26 +59,18 @@ elseif(OC_User::isLoggedIn()) {
}
}
// Semeone set remember login when login
// remember was checked after last login
elseif(isset($_COOKIE["oc_remember_login"]) && $_COOKIE["oc_remember_login"]) {
OC_App::loadApps();
error_log("Trying to login from cookie");
if(OC_User::login($_COOKIE["oc_username"], $_COOKIE["oc_password"])) {
// confirm credentials in cookie
if(OC_User::userExists($_COOKIE['oc_username']) &&
OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") == $_COOKIE['oc_token']) {
OC_User::setUserId($_COOKIE['oc_username']);
header("Location: ". $WEBROOT.'/'.OC_Appconfig::getValue("core", "defaultpage", "files/index.php"));
if(!empty($_POST["remember_login"])){
OC_User::setUsernameInCookie($_POST["user"], $_POST["password"]);
}
else {
OC_User::unsetUsernameInCookie();
}
exit();
}
else {
if(isset($_COOKIE["username"])){
OC_Template::printGuestPage("", "login", array("error" => true, "username" => $_COOKIE["username"]));
}else{
OC_Template::printGuestPage("", "login", array("error" => true));
}
OC_Template::printGuestPage("", "login", array("error" => true));
}
}
@ -89,10 +81,12 @@ elseif(isset($_POST["user"]) && isset($_POST['password'])) {
header("Location: ".$WEBROOT.'/'.OC_Appconfig::getValue("core", "defaultpage", "files/index.php"));
if(!empty($_POST["remember_login"])){
error_log("Setting remember login to cookie");
OC_User::setUsernameInCookie($_POST["user"], $_POST["password"]);
$token = md5($_POST["user"].time());
OC_Preferences::setValue($_POST['user'], 'login', 'token', $token);
OC_User::setMagicInCookie($_POST["user"], $token);
}
else {
OC_User::unsetUsernameInCookie();
OC_User::unsetMagicInCookie();
}
exit();
}

View File

@ -194,16 +194,22 @@ class OC_User {
if( $run ){
$uid=self::checkPassword( $uid, $password );
if($uid){
$_SESSION['user_id'] = $uid;
OC_Crypt::init($uid,$password);
OC_Hook::emit( "OC_User", "post_login", array( "uid" => $uid ));
return true;
}else{
return false;
return self::setUserId($uid);
}
}else{
return false;
}
return false;
}
/**
* @brief Sets user id for session and triggers emit
* @returns true
*
*/
public static function setUserId($uid) {
$_SESSION['user_id'] = $uid;
OC_Hook::emit( "OC_User", "post_login", array( "uid" => $uid ));
return true;
}
/**
@ -215,7 +221,7 @@ class OC_User {
public static function logout(){
OC_Hook::emit( "OC_User", "logout", array());
$_SESSION['user_id'] = false;
OC_User::unsetUsernameInCookie();
OC_User::unsetMagicInCookie();
return true;
}
@ -341,21 +347,21 @@ class OC_User {
* @brief Set cookie value to use in next page load
* @param string $username username to be set
*/
public static function setUsernameInCookie($username, $password){
public static function setMagicInCookie($username, $token){
setcookie("oc_username", $username, time()+60*60*24*15);
setcookie("oc_password", $password, time()+60*60*24*15);
setcookie("oc_token", $token, time()+60*60*24*15);
setcookie("oc_remember_login", true, time()+60*60*24*15);
}
/**
* @brief Remove cookie for "remember username"
*/
public static function unsetUsernameInCookie(){
public static function unsetMagicInCookie(){
unset($_COOKIE["oc_username"]);
unset($_COOKIE["oc_password"]);
unset($_COOKIE["oc_token"]);
unset($_COOKIE["oc_remember_login"]);
setcookie("oc_username", NULL, -1);
setcookie("oc_password", NULL, -1);
setcookie("oc_token", NULL, -1);
setcookie("oc_remember_login", NULL, -1);
}
}