From: Tim Starling <tstarling@users.mediawiki.org>
Date: Wed, 16 Mar 2005 07:41:58 +0000 (+0000)
Subject: Making the secret key source a bit more robust for existing installations
X-Git-Tag: 1.5.0alpha1~599
X-Git-Url: http://git.cyclocoop.org/%28?a=commitdiff_plain;h=82bb4aaab6dd4611b5f04ee24a68a27e8e031873;p=lhc%2Fweb%2Fwiklou.git

Making the secret key source a bit more robust for existing installations
---

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 3ea935afd5..fd3a83dd7b 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -526,7 +526,7 @@ $wgProxyScriptPath = "$IP/proxy_check.php";
 /** */
 $wgProxyMemcExpiry = 86400;
 /** This should always be customised in LocalSettings.php */
-$wgSecretKey = 'W1svekXc5u6lZllTZOwnzEk1nbs';
+$wgSecretKey = false;
 /** big list of banned IP addresses, in the keys not the values */
 $wgProxyList = array();
 
diff --git a/includes/User.php b/includes/User.php
index ceccb18ce8..359ce10d7c 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -592,8 +592,15 @@ class User {
 
 	# Set the random token (used for persistent authentication)
 	function setToken( $token = false ) {
-		global $wgSecretKey, $wgDBname;
+		global $wgSecretKey, $wgProxyKey, $wgDBname;
 		if ( !$token ) {
+			if ( $wgSecretKey ) {
+				$key = $wgSecretKey;
+			} elseif ( $wgProxyKey ) {
+				$key = $wgProxyKey;
+			} else {
+				$key = microtime();
+			}
 			$this->mToken = md5( $wgSecretKey . mt_rand( 0, 0x7fffffff ) . $wgDBname . $this->mId );
 		} else {
 			$this->mToken = $token;