remember changed not to store password in cookie
This commit is contained in:
parent
68e7666293
commit
94696ea7de
26
index.php
26
index.php
|
@ -59,26 +59,18 @@ elseif(OC_User::isLoggedIn()) {
|
|||
}
|
||||
}
|
||||
|
||||
// Semeone set remember login when login
|
||||
// remember was checked after last login
|
||||
elseif(isset($_COOKIE["oc_remember_login"]) && $_COOKIE["oc_remember_login"]) {
|
||||
OC_App::loadApps();
|
||||
error_log("Trying to login from cookie");
|
||||
if(OC_User::login($_COOKIE["oc_username"], $_COOKIE["oc_password"])) {
|
||||
// confirm credentials in cookie
|
||||
if(OC_User::userExists($_COOKIE['oc_username']) &&
|
||||
OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") == $_COOKIE['oc_token']) {
|
||||
OC_User::setUserId($_COOKIE['oc_username']);
|
||||
header("Location: ". $WEBROOT.'/'.OC_Appconfig::getValue("core", "defaultpage", "files/index.php"));
|
||||
if(!empty($_POST["remember_login"])){
|
||||
OC_User::setUsernameInCookie($_POST["user"], $_POST["password"]);
|
||||
}
|
||||
else {
|
||||
OC_User::unsetUsernameInCookie();
|
||||
}
|
||||
exit();
|
||||
}
|
||||
else {
|
||||
if(isset($_COOKIE["username"])){
|
||||
OC_Template::printGuestPage("", "login", array("error" => true, "username" => $_COOKIE["username"]));
|
||||
}else{
|
||||
OC_Template::printGuestPage("", "login", array("error" => true));
|
||||
}
|
||||
OC_Template::printGuestPage("", "login", array("error" => true));
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -89,10 +81,12 @@ elseif(isset($_POST["user"]) && isset($_POST['password'])) {
|
|||
header("Location: ".$WEBROOT.'/'.OC_Appconfig::getValue("core", "defaultpage", "files/index.php"));
|
||||
if(!empty($_POST["remember_login"])){
|
||||
error_log("Setting remember login to cookie");
|
||||
OC_User::setUsernameInCookie($_POST["user"], $_POST["password"]);
|
||||
$token = md5($_POST["user"].time());
|
||||
OC_Preferences::setValue($_POST['user'], 'login', 'token', $token);
|
||||
OC_User::setMagicInCookie($_POST["user"], $token);
|
||||
}
|
||||
else {
|
||||
OC_User::unsetUsernameInCookie();
|
||||
OC_User::unsetMagicInCookie();
|
||||
}
|
||||
exit();
|
||||
}
|
||||
|
|
32
lib/user.php
32
lib/user.php
|
@ -194,16 +194,22 @@ class OC_User {
|
|||
if( $run ){
|
||||
$uid=self::checkPassword( $uid, $password );
|
||||
if($uid){
|
||||
$_SESSION['user_id'] = $uid;
|
||||
OC_Crypt::init($uid,$password);
|
||||
OC_Hook::emit( "OC_User", "post_login", array( "uid" => $uid ));
|
||||
return true;
|
||||
}else{
|
||||
return false;
|
||||
return self::setUserId($uid);
|
||||
}
|
||||
}else{
|
||||
return false;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Sets user id for session and triggers emit
|
||||
* @returns true
|
||||
*
|
||||
*/
|
||||
public static function setUserId($uid) {
|
||||
$_SESSION['user_id'] = $uid;
|
||||
OC_Hook::emit( "OC_User", "post_login", array( "uid" => $uid ));
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -215,7 +221,7 @@ class OC_User {
|
|||
public static function logout(){
|
||||
OC_Hook::emit( "OC_User", "logout", array());
|
||||
$_SESSION['user_id'] = false;
|
||||
OC_User::unsetUsernameInCookie();
|
||||
OC_User::unsetMagicInCookie();
|
||||
return true;
|
||||
}
|
||||
|
||||
|
@ -341,21 +347,21 @@ class OC_User {
|
|||
* @brief Set cookie value to use in next page load
|
||||
* @param string $username username to be set
|
||||
*/
|
||||
public static function setUsernameInCookie($username, $password){
|
||||
public static function setMagicInCookie($username, $token){
|
||||
setcookie("oc_username", $username, time()+60*60*24*15);
|
||||
setcookie("oc_password", $password, time()+60*60*24*15);
|
||||
setcookie("oc_token", $token, time()+60*60*24*15);
|
||||
setcookie("oc_remember_login", true, time()+60*60*24*15);
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Remove cookie for "remember username"
|
||||
*/
|
||||
public static function unsetUsernameInCookie(){
|
||||
public static function unsetMagicInCookie(){
|
||||
unset($_COOKIE["oc_username"]);
|
||||
unset($_COOKIE["oc_password"]);
|
||||
unset($_COOKIE["oc_token"]);
|
||||
unset($_COOKIE["oc_remember_login"]);
|
||||
setcookie("oc_username", NULL, -1);
|
||||
setcookie("oc_password", NULL, -1);
|
||||
setcookie("oc_token", NULL, -1);
|
||||
setcookie("oc_remember_login", NULL, -1);
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue