Permanent login only with valid key
authorJakub Vrana <jakub@vrana.cz>
Fri, 7 May 2010 13:34:59 +0000 (15:34 +0200)
committerJakub Vrana <jakub@vrana.cz>
Fri, 7 May 2010 13:34:59 +0000 (15:34 +0200)
adminer/include/auth.inc.php

index 1440f8a54be72df3c1ae9dadde5cf34db3bc99e8..2559325781baf7d714a2a3818cc53fb0dbeb48f8 100644 (file)
@@ -15,11 +15,11 @@ if (!$_SESSION["token"]) {
 if (isset($_POST["server"])) {
        session_regenerate_id(); // defense against session fixation
        $_SESSION["passwords"][$_POST["driver"]][$_POST["server"]][$_POST["username"]] = $_POST["password"];
-       if ($_POST["permanent"]) {
+       if ($_POST["permanent"] && ($key = $adminer->permanentLogin())) {
                cookie("adminer_permanent", //! store separately for each driver, server and username to allow several permanent logins
                        base64_encode($_POST["server"])
                        . ":" . base64_encode($_POST["username"])
-                       . ":" . base64_encode(encrypt_string($_POST["password"], $adminer->permanentLogin()))
+                       . ":" . base64_encode(encrypt_string($_POST["password"], $key))
                        . ":" . base64_encode($_POST["driver"])
                );
        }
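Review bot: The new `$key` check covers only the write side of the permanent login; the context line in the second hunk still passes `$adminer->permanentLogin()` straight into `decrypt_string()`, so an `adminer_permanent` cookie presented while no valid key is available would, as far as these lines show, be decrypted with an empty or false key and the result written to the session. Unless a guard already exists above that line (outside the hunk), the read path should mirror this one, e.g. `if ($key = $adminer->permanentLogin()) { set_session("passwords", decrypt_string($cipher, $key)); }`. The new condition would also benefit from a short comment such as `// no valid key: skip the cookie rather than encrypt the password with an empty key`, since a user who ticks "permanent" now apparently gets no cookie and no feedback. The enclosing `if (isset($_POST["server"]))` block continues past this hunk.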
@@ -48,7 +48,6 @@ if (isset($_POST["server"])) {
                session_regenerate_id(); // defense against session fixation
                set_session("passwords", decrypt_string($cipher, $adminer->permanentLogin()));
        }
-       //! redirect ?select=tab
 }
 
 function auth_error($exception = null) {