improved persistent cookies

db_structure.xml

@@ -404,6 +404,14 @@
 				<notnull>false</notnull>
 			</field>
 
+			<field>
+				<name>created</name>
+				<type>integer</type>
+				<default>0</default>
+				<notnull>true</notnull>
+				<length>8</length>
+			</field>
+
 			<index>
 				<name>pref_userid_appid_key_index</name>
 				<field>

lib/base.php

@@ -503,21 +503,31 @@ protected static function handleLogin() {
 	}
 
 	protected static function tryRememberLogin() {
-		if(!isset($_COOKIE["oc_remember_login"])
-			|| !isset($_COOKIE["oc_token"])
-			|| !isset($_COOKIE["oc_username"])
-			|| !$_COOKIE["oc_remember_login"])
+		if(!isset($_COOKIE['oc_remember_login'])
+		  || !isset($_COOKIE['oc_token'])
+		  || !isset($_COOKIE['oc_username'])
+		  || !$_COOKIE['oc_remember_login'])
 		{
 			return false;
 		}
 		OC_App::loadApps(array('authentication'));
-		if(defined("DEBUG") && DEBUG) {
+		if(defined('DEBUG') && DEBUG) {
 			OC_Log::write('core', 'Trying to login from cookie', OC_Log::DEBUG);
 		}
+		// delete tokens older than 90 days
+                OC_Preferences::deleteValues($_COOKIE['oc_username'], 'login', 'token', time() - 7776000 );
 		// confirm credentials in cookie
 		if(isset($_COOKIE['oc_token']) && OC_User::userExists($_COOKIE['oc_username']) &&
-			OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") === $_COOKIE['oc_token'])
+			OC_Preferences::valueExists($_COOKIE['oc_username'], 'login', 'token', $_COOKIE['oc_token']))
 		{
+			// generate new cookie
+			if(defined('DEBUG') && DEBUG) {
+				OC_Log::write('core','Refresh token in persistent login cookie',OC_Log::DEBUG);
+			}
+			$newtoken = md5($_COOKIE['oc_username'].OC_Util::generate_random_bytes(10).$_COOKIE['oc_token']);
+			OC_Preferences::setMultiValue($_COOKIE['oc_username'], 'login', 'token', $_COOKIE['oc_token'], $newtoken);
+			OC_User::setMagicInCookie($_COOKIE['oc_username'], $newtoken);
+			// login
 			OC_User::setUserId($_COOKIE['oc_username']);
 			OC_Util::redirectToDefaultPage();
 		}
@@ -528,23 +538,23 @@ protected static function tryRememberLogin() {
 	}
 
 	protected static function tryFormLogin() {
-		if(!isset($_POST["user"]) || !isset($_POST['password'])) {
+		if(!isset($_POST['user']) || !isset($_POST['password'])) {
 			return false;
 		}
 
 		OC_App::loadApps();
 
 		//setup extra user backends
 		OC_User::setupBackends();
-
-		if(OC_User::login($_POST["user"], $_POST["password"])) {
-			if(!empty($_POST["remember_login"])) {
-				if(defined("DEBUG") && DEBUG) {
+		
+		if(OC_User::login($_POST['user'], $_POST['password'])) {
+			if(!empty($_POST['remember_login'])) {
+				if(defined('DEBUG') && DEBUG) {
 					OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG);
 				}
-				$token = md5($_POST["user"].time().$_POST['password']);
-				OC_Preferences::setValue($_POST['user'], 'login', 'token', $token);
-				OC_User::setMagicInCookie($_POST["user"], $token);
+				$token = md5($_POST['user'].OC_Util::generate_random_bytes(10).$_POST['password']);
+				OC_Preferences::setMultiValue($_POST['user'], 'login', 'token', 'not defined', $token);
+				OC_User::setMagicInCookie($_POST['user'], $token);
 			}
 			else {
 				OC_User::unsetMagicInCookie();

lib/preferences.php

@@ -29,7 +29,8 @@
  * `userid` VARCHAR( 255 ) NOT NULL ,
  * `appid` VARCHAR( 255 ) NOT NULL ,
  * `configkey` VARCHAR( 255 ) NOT NULL ,
- * `configvalue` VARCHAR( 255 ) NOT NULL
+ * `configvalue` VARCHAR( 255 ) NOT NULL ,
+ * `created` NUMBER( 8 ) NOT NULL
  * )
  *
  */
@@ -125,6 +126,25 @@ public static function getValue( $user, $app, $key, $default = null ) {
 		}
 	}
 
+	/**
+	 * @brief checks is a preference exists
+	 * @param $user user
+	 * @param $app app
+	 * @param $key key
+	 * @param $value value
+	 * @returns true/false
+	 *
+	 * This function searches the preference table for a given value.
+	 */
+	public static function valueExists( $user, $app, $key, $value ){
+		// Check if the key exist
+		$query = OC_DB::prepare( 'SELECT `configvalue` FROM `*PREFIX*preferences` WHERE `userid` = ? AND `appid` = ? AND `configkey` = ? AND `configvalue` = ?' );
+		$values=$query->execute(array($user,$app,$key,$value))->fetchAll();
+		$exists=(count($values)>0);
+
+		return $exists;
+	}
+
 	/**
 	 * @brief sets a value in the preferences
 	 * @param string $user user
@@ -143,12 +163,41 @@ public static function setValue( $user, $app, $key, $value ) {
 		$exists=(count($values)>0);
 
 		if( !$exists ) {
-			$query = OC_DB::prepare( 'INSERT INTO `*PREFIX*preferences` ( `userid`, `appid`, `configkey`, `configvalue` ) VALUES( ?, ?, ?, ? )' );
-			$query->execute( array( $user, $app, $key, $value ));
+			$query = OC_DB::prepare( 'INSERT INTO `*PREFIX*preferences` ( `userid`, `appid`, `configkey`, `configvalue`, `created` ) VALUES( ?, ?, ?, ?, ? )' );
+			$query->execute( array( $user, $app, $key, $value, time() ));
 		}
 		else{
-			$query = OC_DB::prepare( 'UPDATE `*PREFIX*preferences` SET `configvalue` = ? WHERE `userid` = ? AND `appid` = ? AND `configkey` = ?' );
-			$query->execute( array( $value, $user, $app, $key ));
+			$query = OC_DB::prepare( 'UPDATE `*PREFIX*preferences` SET `configvalue` = ?, `created` = ? WHERE `userid` = ? AND `appid` = ? AND `configkey` = ?' );
+			$query->execute( array( $value, time(), $user, $app, $key ));
+		}
+		return true;
+	}
+
+	/**
+	 * @brief sets a multi value in the preferences
+	 * @param $user user
+	 * @param $app app
+	 * @param $key key
+	 * @param $oldval old value
+	 * @param $newval new value
+	 * @returns true/false
+	 *
+	 * Updates a existing value in the preferences. If the key does not exist, it
+	 * will be created automatically.
+	 */
+	public static function setMultiValue( $user, $app, $key, $oldval, $newval ){
+		// Check if the key does exist
+		$query = OC_DB::prepare( 'SELECT `configvalue` FROM `*PREFIX*preferences` WHERE `userid` = ? AND `appid` = ? AND `configkey` = ? AND `configvalue` = ?' );
+		$values=$query->execute(array($user,$app,$key,$oldval))->fetchAll();
+		$exists=(count($values)>0);
+
+		if( !$exists ){
+			$query = OC_DB::prepare( 'INSERT INTO `*PREFIX*preferences` ( `userid`, `appid`, `configkey`, `configvalue`, `created` ) VALUES( ?, ?, ?, ?, ? )' );
+			$query->execute( array( $user, $app, $key, $newval, time() ));
+		}
+		else{
+			$query = OC_DB::prepare( 'UPDATE `*PREFIX*preferences` SET `configvalue` = ?, `created` = ? WHERE `userid` = ? AND `appid` = ? AND `configkey` = ? AND `configvalue` = ?' );
+			$query->execute( array( $newval, time(), $user, $app, $key, $oldval ));
 		}
 		return true;
 	}
@@ -170,6 +219,23 @@ public static function deleteKey( $user, $app, $key ) {
 		return true;
 	}
 
+	/**
+	 * @brief Deletes values by date
+	 * @param $user user
+	 * @param $app app
+	 * @param $key key
+	 * @param $date date in epoch (use time() for that)
+	 * @returns true/false
+	 *
+	 * Deletes values older than given time in epoch.
+	 */
+	public static function deleteValues( $user, $app, $key, $date ){
+		$query = OC_DB::prepare( 'DELETE FROM `*PREFIX*preferences` WHERE `userid` = ? AND `appid` = ? AND `configkey` = ? AND `created` < ?' );
+		$result = $query->execute( array( $user, $app, $key, $date ));
+
+		return true;
+	}
+
 	/**
 	 * @brief Remove app of user from preferences
 	 * @param string $user user

lib/util.php

@@ -80,8 +80,8 @@ public static function tearDownFS() {
 	 * @return array
 	 */
 	public static function getVersion() {
-		// hint: We only can count up. So the internal version number of ownCloud 4.5 will be 4.9.0. This is not visible to the user
-		return array(4,87,12);
+		// hint: We only can count up. So the internal version number of ownCloud 4.5 will be 4,9,0. This is not visible to the user
+		return array(4,87,13);
 	}
 
 	/**