/** * Try to login a user using the remember me cookie. * @return bool Whether the provided cookie was valid */ protected static function tryRememberLogin() { if (!isset($_COOKIE["oc_remember_login"]) || !isset($_COOKIE["oc_token"]) || !isset($_COOKIE["oc_username"]) || !$_COOKIE["oc_remember_login"] || !OC_Util::rememberLoginAllowed()) { return false; } if (\OC::$server->getConfig()->getSystemValue('debug', false)) { \OCP\Util::writeLog('core', 'Trying to login from cookie', \OCP\Util::DEBUG); } if (OC_User::userExists($_COOKIE['oc_username'])) { self::cleanupLoginTokens($_COOKIE['oc_username']); // verify whether the supplied "remember me" token was valid $granted = OC_User::loginWithCookie($_COOKIE['oc_username'], $_COOKIE['oc_token']); if ($granted === true) { OC_Util::redirectToDefaultPage(); // doesn't return } \OCP\Util::writeLog('core', 'Authentication cookie rejected for user ' . $_COOKIE['oc_username'], \OCP\Util::WARN); // if you reach this point you have changed your password // or you are an attacker // we can not delete tokens here because users may reach // this point multiple times after a password change } OC_User::unsetMagicInCookie(); return true; }