From: Daniel Friesen Date: Tue, 7 Feb 2012 08:07:28 +0000 (+0000) Subject: (bug 34237) Regenerate an empty user_token and save to the database when we try to... X-Git-Tag: 1.31.0-rc.0~24901 X-Git-Url: http://git.cyclocoop.org/data/%24self?a=commitdiff_plain;h=877ef150d32c77fd0adf5a387c72de4d8c2b0856;p=lhc%2Fweb%2Fwiklou.git (bug 34237) Regenerate an empty user_token and save to the database when we try to set the user's cookies for login. This allows the entire user_token column to be regenerated after a leak by running `UPDATE user SET user_token = NULL;` and letting the user_tokens be regenerated as users try to log back in. --- diff --git a/includes/User.php b/includes/User.php index f8de2031f7..9b6f4e7d19 100644 --- a/includes/User.php +++ b/includes/User.php @@ -2753,6 +2753,14 @@ class User { $this->load(); if ( 0 == $this->mId ) return; + if ( !$this->mToken ) { + // When token is empty or NULL generate a new one and then save it to the database + // This allows a wiki to re-secure itself after a leak of it's user table or $wgSecretKey + // Simply by setting every cell in the user_token column to NULL and letting them be + // regenerated as users log back into the wiki. + $this->setToken(); + $this->saveSettings(); + } $session = array( 'wsUserID' => $this->mId, 'wsToken' => $this->mToken,
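Review bot: in the new `if ( !$this->mToken )` block, `$this->saveSettings()` is called and its outcome is not checked before `$this->mToken` is written into `$session` as `wsToken`. If that write does not reach the database for any reason, the user is handed a token the `user` table does not hold, so I would either confirm the save succeeded before continuing or skip setting the cookies when it did not. The check and the regeneration are also not atomic: two logins for the same account that both see an empty token will each call `setToken()`, and whichever save lands last wins, leaving the other session with a stale token. A conditional update that only writes when the column is still empty would close that gap. It is also worth a line in the doc comment that this cookie-setting path now has a database write as a side effect. Minor: in the comment, "it's user table" should be "its user table".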