diff --git a/db_structure.xml b/db_structure.xml
index 99a30cb6137a..d18c9c8a2f6b 100644
--- a/db_structure.xml
+++ b/db_structure.xml
@@ -404,6 +404,14 @@
false
+
+ created
+ integer
+ 0
+ true
+ 8
+
+
pref_userid_appid_key_index
diff --git a/lib/base.php b/lib/base.php
index 41ff1870059a..7697b708178a 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -503,21 +503,31 @@ protected static function handleLogin() {
}
protected static function tryRememberLogin() {
- if(!isset($_COOKIE["oc_remember_login"])
- || !isset($_COOKIE["oc_token"])
- || !isset($_COOKIE["oc_username"])
- || !$_COOKIE["oc_remember_login"])
+ if(!isset($_COOKIE['oc_remember_login'])
+ || !isset($_COOKIE['oc_token'])
+ || !isset($_COOKIE['oc_username'])
+ || !$_COOKIE['oc_remember_login'])
{
return false;
}
OC_App::loadApps(array('authentication'));
- if(defined("DEBUG") && DEBUG) {
+ if(defined('DEBUG') && DEBUG) {
OC_Log::write('core', 'Trying to login from cookie', OC_Log::DEBUG);
}
+ // delete tokens older than 90 days
+ OC_Preferences::deleteValues($_COOKIE['oc_username'], 'login', 'token', time() - 7776000 );
// confirm credentials in cookie
if(isset($_COOKIE['oc_token']) && OC_User::userExists($_COOKIE['oc_username']) &&
- OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") === $_COOKIE['oc_token'])
+ OC_Preferences::valueExists($_COOKIE['oc_username'], 'login', 'token', $_COOKIE['oc_token']))
{
+ // generate new cookie
+ if(defined('DEBUG') && DEBUG) {
+ OC_Log::write('core','Refresh token in persistent login cookie',OC_Log::DEBUG);
+ }
+ $newtoken = md5($_COOKIE['oc_username'].OC_Util::generate_random_bytes(10).$_COOKIE['oc_token']);
+ OC_Preferences::setMultiValue($_COOKIE['oc_username'], 'login', 'token', $_COOKIE['oc_token'], $newtoken);
+ OC_User::setMagicInCookie($_COOKIE['oc_username'], $newtoken);
+ // login
OC_User::setUserId($_COOKIE['oc_username']);
OC_Util::redirectToDefaultPage();
}
@@ -528,7 +538,7 @@ protected static function tryRememberLogin() {
}
protected static function tryFormLogin() {
- if(!isset($_POST["user"]) || !isset($_POST['password'])) {
+ if(!isset($_POST['user']) || !isset($_POST['password'])) {
return false;
}
@@ -536,15 +546,15 @@ protected static function tryFormLogin() {
//setup extra user backends
OC_User::setupBackends();
-
- if(OC_User::login($_POST["user"], $_POST["password"])) {
- if(!empty($_POST["remember_login"])) {
- if(defined("DEBUG") && DEBUG) {
+
+ if(OC_User::login($_POST['user'], $_POST['password'])) {
+ if(!empty($_POST['remember_login'])) {
+ if(defined('DEBUG') && DEBUG) {
OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG);
}
- $token = md5($_POST["user"].time().$_POST['password']);
- OC_Preferences::setValue($_POST['user'], 'login', 'token', $token);
- OC_User::setMagicInCookie($_POST["user"], $token);
+ $token = md5($_POST['user'].OC_Util::generate_random_bytes(10).$_POST['password']);
+ OC_Preferences::setMultiValue($_POST['user'], 'login', 'token', 'not defined', $token);
+ OC_User::setMagicInCookie($_POST['user'], $token);
}
else {
OC_User::unsetMagicInCookie();
diff --git a/lib/preferences.php b/lib/preferences.php
index b198a18415cc..05e4ede104cb 100644
--- a/lib/preferences.php
+++ b/lib/preferences.php
@@ -29,7 +29,8 @@
* `userid` VARCHAR( 255 ) NOT NULL ,
* `appid` VARCHAR( 255 ) NOT NULL ,
* `configkey` VARCHAR( 255 ) NOT NULL ,
- * `configvalue` VARCHAR( 255 ) NOT NULL
+ * `configvalue` VARCHAR( 255 ) NOT NULL ,
+ * `created` NUMBER( 8 ) NOT NULL
* )
*
*/
@@ -125,6 +126,25 @@ public static function getValue( $user, $app, $key, $default = null ) {
}
}
+ /**
+ * @brief checks is a preference exists
+ * @param $user user
+ * @param $app app
+ * @param $key key
+ * @param $value value
+ * @returns true/false
+ *
+ * This function searches the preference table for a given value.
+ */
+ public static function valueExists( $user, $app, $key, $value ){
+ // Check if the key exist
+ $query = OC_DB::prepare( 'SELECT `configvalue` FROM `*PREFIX*preferences` WHERE `userid` = ? AND `appid` = ? AND `configkey` = ? AND `configvalue` = ?' );
+ $values=$query->execute(array($user,$app,$key,$value))->fetchAll();
+ $exists=(count($values)>0);
+
+ return $exists;
+ }
+
/**
* @brief sets a value in the preferences
* @param string $user user
@@ -143,12 +163,41 @@ public static function setValue( $user, $app, $key, $value ) {
$exists=(count($values)>0);
if( !$exists ) {
- $query = OC_DB::prepare( 'INSERT INTO `*PREFIX*preferences` ( `userid`, `appid`, `configkey`, `configvalue` ) VALUES( ?, ?, ?, ? )' );
- $query->execute( array( $user, $app, $key, $value ));
+ $query = OC_DB::prepare( 'INSERT INTO `*PREFIX*preferences` ( `userid`, `appid`, `configkey`, `configvalue`, `created` ) VALUES( ?, ?, ?, ?, ? )' );
+ $query->execute( array( $user, $app, $key, $value, time() ));
}
else{
- $query = OC_DB::prepare( 'UPDATE `*PREFIX*preferences` SET `configvalue` = ? WHERE `userid` = ? AND `appid` = ? AND `configkey` = ?' );
- $query->execute( array( $value, $user, $app, $key ));
+ $query = OC_DB::prepare( 'UPDATE `*PREFIX*preferences` SET `configvalue` = ?, `created` = ? WHERE `userid` = ? AND `appid` = ? AND `configkey` = ?' );
+ $query->execute( array( $value, time(), $user, $app, $key ));
+ }
+ return true;
+ }
+
+ /**
+ * @brief sets a multi value in the preferences
+ * @param $user user
+ * @param $app app
+ * @param $key key
+ * @param $oldval old value
+ * @param $newval new value
+ * @returns true/false
+ *
+ * Updates a existing value in the preferences. If the key does not exist, it
+ * will be created automatically.
+ */
+ public static function setMultiValue( $user, $app, $key, $oldval, $newval ){
+ // Check if the key does exist
+ $query = OC_DB::prepare( 'SELECT `configvalue` FROM `*PREFIX*preferences` WHERE `userid` = ? AND `appid` = ? AND `configkey` = ? AND `configvalue` = ?' );
+ $values=$query->execute(array($user,$app,$key,$oldval))->fetchAll();
+ $exists=(count($values)>0);
+
+ if( !$exists ){
+ $query = OC_DB::prepare( 'INSERT INTO `*PREFIX*preferences` ( `userid`, `appid`, `configkey`, `configvalue`, `created` ) VALUES( ?, ?, ?, ?, ? )' );
+ $query->execute( array( $user, $app, $key, $newval, time() ));
+ }
+ else{
+ $query = OC_DB::prepare( 'UPDATE `*PREFIX*preferences` SET `configvalue` = ?, `created` = ? WHERE `userid` = ? AND `appid` = ? AND `configkey` = ? AND `configvalue` = ?' );
+ $query->execute( array( $newval, time(), $user, $app, $key, $oldval ));
}
return true;
}
@@ -170,6 +219,23 @@ public static function deleteKey( $user, $app, $key ) {
return true;
}
+ /**
+ * @brief Deletes values by date
+ * @param $user user
+ * @param $app app
+ * @param $key key
+ * @param $date date in epoch (use time() for that)
+ * @returns true/false
+ *
+ * Deletes values older than given time in epoch.
+ */
+ public static function deleteValues( $user, $app, $key, $date ){
+ $query = OC_DB::prepare( 'DELETE FROM `*PREFIX*preferences` WHERE `userid` = ? AND `appid` = ? AND `configkey` = ? AND `created` < ?' );
+ $result = $query->execute( array( $user, $app, $key, $date ));
+
+ return true;
+ }
+
/**
* @brief Remove app of user from preferences
* @param string $user user
diff --git a/lib/util.php b/lib/util.php
index 6707d67638e6..45daa5815f76 100755
--- a/lib/util.php
+++ b/lib/util.php
@@ -80,8 +80,8 @@ public static function tearDownFS() {
* @return array
*/
public static function getVersion() {
- // hint: We only can count up. So the internal version number of ownCloud 4.5 will be 4.9.0. This is not visible to the user
- return array(4,87,12);
+ // hint: We only can count up. So the internal version number of ownCloud 4.5 will be 4,9,0. This is not visible to the user
+ return array(4,87,13);
}
/**