diff --git a/db_structure.xml b/db_structure.xml index 99a30cb6137a..d18c9c8a2f6b 100644 --- a/db_structure.xml +++ b/db_structure.xml @@ -404,6 +404,14 @@ false + + created + integer + 0 + true + 8 + + pref_userid_appid_key_index diff --git a/lib/base.php b/lib/base.php index 41ff1870059a..7697b708178a 100644 --- a/lib/base.php +++ b/lib/base.php @@ -503,21 +503,31 @@ protected static function handleLogin() { } protected static function tryRememberLogin() { - if(!isset($_COOKIE["oc_remember_login"]) - || !isset($_COOKIE["oc_token"]) - || !isset($_COOKIE["oc_username"]) - || !$_COOKIE["oc_remember_login"]) + if(!isset($_COOKIE['oc_remember_login']) + || !isset($_COOKIE['oc_token']) + || !isset($_COOKIE['oc_username']) + || !$_COOKIE['oc_remember_login']) { return false; } OC_App::loadApps(array('authentication')); - if(defined("DEBUG") && DEBUG) { + if(defined('DEBUG') && DEBUG) { OC_Log::write('core', 'Trying to login from cookie', OC_Log::DEBUG); } + // delete tokens older than 90 days + OC_Preferences::deleteValues($_COOKIE['oc_username'], 'login', 'token', time() - 7776000 ); // confirm credentials in cookie if(isset($_COOKIE['oc_token']) && OC_User::userExists($_COOKIE['oc_username']) && - OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") === $_COOKIE['oc_token']) + OC_Preferences::valueExists($_COOKIE['oc_username'], 'login', 'token', $_COOKIE['oc_token'])) { + // generate new cookie + if(defined('DEBUG') && DEBUG) { + OC_Log::write('core','Refresh token in persistent login cookie',OC_Log::DEBUG); + } + $newtoken = md5($_COOKIE['oc_username'].OC_Util::generate_random_bytes(10).$_COOKIE['oc_token']); + OC_Preferences::setMultiValue($_COOKIE['oc_username'], 'login', 'token', $_COOKIE['oc_token'], $newtoken); + OC_User::setMagicInCookie($_COOKIE['oc_username'], $newtoken); + // login OC_User::setUserId($_COOKIE['oc_username']); OC_Util::redirectToDefaultPage(); } @@ -528,7 +538,7 @@ protected static function tryRememberLogin() { } protected static function tryFormLogin() { - if(!isset($_POST["user"]) || !isset($_POST['password'])) { + if(!isset($_POST['user']) || !isset($_POST['password'])) { return false; } @@ -536,15 +546,15 @@ protected static function tryFormLogin() { //setup extra user backends OC_User::setupBackends(); - - if(OC_User::login($_POST["user"], $_POST["password"])) { - if(!empty($_POST["remember_login"])) { - if(defined("DEBUG") && DEBUG) { + + if(OC_User::login($_POST['user'], $_POST['password'])) { + if(!empty($_POST['remember_login'])) { + if(defined('DEBUG') && DEBUG) { OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG); } - $token = md5($_POST["user"].time().$_POST['password']); - OC_Preferences::setValue($_POST['user'], 'login', 'token', $token); - OC_User::setMagicInCookie($_POST["user"], $token); + $token = md5($_POST['user'].OC_Util::generate_random_bytes(10).$_POST['password']); + OC_Preferences::setMultiValue($_POST['user'], 'login', 'token', 'not defined', $token); + OC_User::setMagicInCookie($_POST['user'], $token); } else { OC_User::unsetMagicInCookie(); diff --git a/lib/preferences.php b/lib/preferences.php index b198a18415cc..05e4ede104cb 100644 --- a/lib/preferences.php +++ b/lib/preferences.php @@ -29,7 +29,8 @@ * `userid` VARCHAR( 255 ) NOT NULL , * `appid` VARCHAR( 255 ) NOT NULL , * `configkey` VARCHAR( 255 ) NOT NULL , - * `configvalue` VARCHAR( 255 ) NOT NULL + * `configvalue` VARCHAR( 255 ) NOT NULL , + * `created` NUMBER( 8 ) NOT NULL * ) * */ @@ -125,6 +126,25 @@ public static function getValue( $user, $app, $key, $default = null ) { } } + /** + * @brief checks is a preference exists + * @param $user user + * @param $app app + * @param $key key + * @param $value value + * @returns true/false + * + * This function searches the preference table for a given value. + */ + public static function valueExists( $user, $app, $key, $value ){ + // Check if the key exist + $query = OC_DB::prepare( 'SELECT `configvalue` FROM `*PREFIX*preferences` WHERE `userid` = ? AND `appid` = ? AND `configkey` = ? AND `configvalue` = ?' ); + $values=$query->execute(array($user,$app,$key,$value))->fetchAll(); + $exists=(count($values)>0); + + return $exists; + } + /** * @brief sets a value in the preferences * @param string $user user @@ -143,12 +163,41 @@ public static function setValue( $user, $app, $key, $value ) { $exists=(count($values)>0); if( !$exists ) { - $query = OC_DB::prepare( 'INSERT INTO `*PREFIX*preferences` ( `userid`, `appid`, `configkey`, `configvalue` ) VALUES( ?, ?, ?, ? )' ); - $query->execute( array( $user, $app, $key, $value )); + $query = OC_DB::prepare( 'INSERT INTO `*PREFIX*preferences` ( `userid`, `appid`, `configkey`, `configvalue`, `created` ) VALUES( ?, ?, ?, ?, ? )' ); + $query->execute( array( $user, $app, $key, $value, time() )); } else{ - $query = OC_DB::prepare( 'UPDATE `*PREFIX*preferences` SET `configvalue` = ? WHERE `userid` = ? AND `appid` = ? AND `configkey` = ?' ); - $query->execute( array( $value, $user, $app, $key )); + $query = OC_DB::prepare( 'UPDATE `*PREFIX*preferences` SET `configvalue` = ?, `created` = ? WHERE `userid` = ? AND `appid` = ? AND `configkey` = ?' ); + $query->execute( array( $value, time(), $user, $app, $key )); + } + return true; + } + + /** + * @brief sets a multi value in the preferences + * @param $user user + * @param $app app + * @param $key key + * @param $oldval old value + * @param $newval new value + * @returns true/false + * + * Updates a existing value in the preferences. If the key does not exist, it + * will be created automatically. + */ + public static function setMultiValue( $user, $app, $key, $oldval, $newval ){ + // Check if the key does exist + $query = OC_DB::prepare( 'SELECT `configvalue` FROM `*PREFIX*preferences` WHERE `userid` = ? AND `appid` = ? AND `configkey` = ? AND `configvalue` = ?' ); + $values=$query->execute(array($user,$app,$key,$oldval))->fetchAll(); + $exists=(count($values)>0); + + if( !$exists ){ + $query = OC_DB::prepare( 'INSERT INTO `*PREFIX*preferences` ( `userid`, `appid`, `configkey`, `configvalue`, `created` ) VALUES( ?, ?, ?, ?, ? )' ); + $query->execute( array( $user, $app, $key, $newval, time() )); + } + else{ + $query = OC_DB::prepare( 'UPDATE `*PREFIX*preferences` SET `configvalue` = ?, `created` = ? WHERE `userid` = ? AND `appid` = ? AND `configkey` = ? AND `configvalue` = ?' ); + $query->execute( array( $newval, time(), $user, $app, $key, $oldval )); } return true; } @@ -170,6 +219,23 @@ public static function deleteKey( $user, $app, $key ) { return true; } + /** + * @brief Deletes values by date + * @param $user user + * @param $app app + * @param $key key + * @param $date date in epoch (use time() for that) + * @returns true/false + * + * Deletes values older than given time in epoch. + */ + public static function deleteValues( $user, $app, $key, $date ){ + $query = OC_DB::prepare( 'DELETE FROM `*PREFIX*preferences` WHERE `userid` = ? AND `appid` = ? AND `configkey` = ? AND `created` < ?' ); + $result = $query->execute( array( $user, $app, $key, $date )); + + return true; + } + /** * @brief Remove app of user from preferences * @param string $user user diff --git a/lib/util.php b/lib/util.php index 6707d67638e6..45daa5815f76 100755 --- a/lib/util.php +++ b/lib/util.php @@ -80,8 +80,8 @@ public static function tearDownFS() { * @return array */ public static function getVersion() { - // hint: We only can count up. So the internal version number of ownCloud 4.5 will be 4.9.0. This is not visible to the user - return array(4,87,12); + // hint: We only can count up. So the internal version number of ownCloud 4.5 will be 4,9,0. This is not visible to the user + return array(4,87,13); } /**