- (almost) uniqe cookies

Changed files:
    modules/cmds.py -> 1.7

diff --git a/modules/cmds.py b/modules/cmds.py
index 424cc3e4da56ed69a9dc2f9ad3763e9a8cb29c98..10e3072f4a58b3e5c3c87c61de80052870e07b61 100644 (file)
--- a/modules/cmds.py
+++ b/modules/cmds.py
@@ -100,8 +100,9 @@ def cmd_login_passwd(con, data):
         raise BailOut
     login=tmp[0]
     passwd=tmp[1]
-    if login in users and users[login]==md5.new(passwd).hexdigest():
-        cookie=md5.new(login+passwd+`time.time()`).hexdigest()
+    md5pass=md5.new(passwd).hexdigest()
+    if login in users and users[login]==md5pass:
+        cookie=`time.time()`.split('.')[0]+'_'+md5.new(md5pass+salt).hexdigest()
         cookies[cookie]=login
         write_cookies()
         con.authorized=True
@@ -138,4 +139,5 @@ BailOut="BailOut"
 locks={}
 logfile=open(common.ftpadmdir+'var/log', 'a')
 load_creds()
+salt=md5.new(`time.time()`).hexdigest()