From 6217dcf7173834a5f42ac0f16a6bfe9e796107a2 Mon Sep 17 00:00:00 2001
From: Jakub Vrana
Date: Fri, 7 May 2010 15:34:59 +0200
Subject: [PATCH] Permanent login only with valid key
---
 adminer/include/auth.inc.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/adminer/include/auth.inc.php b/adminer/include/auth.inc.php
index 1440f8a5..25593257 100644
--- a/adminer/include/auth.inc.php
+++ b/adminer/include/auth.inc.php
@@ -15,11 +15,11 @@ if (!$_SESSION["token"]) {
 if (isset($_POST["server"])) {
 session_regenerate_id(); // defense against session fixation
 $_SESSION["passwords"][$_POST["driver"]][$_POST["server"]][$_POST["username"]] = $_POST["password"];
- if ($_POST["permanent"]) {
+ if ($_POST["permanent"] && ($key = $adminer->permanentLogin())) {
 cookie("adminer_permanent", //! store separately for each driver, server and username to allow several permanent logins
 base64_encode($_POST["server"])
 . ":" . base64_encode($_POST["username"])
- . ":" . base64_encode(encrypt_string($_POST["password"], $adminer->permanentLogin()))
+ . ":" . base64_encode(encrypt_string($_POST["password"], $key))
 . ":" . base64_encode($_POST["driver"])
 );
 }
@@ -48,7 +48,6 @@ if (isset($_POST["server"])) {
 session_regenerate_id(); // defense against session fixation
 set_session("passwords", decrypt_string($cipher, $adminer->permanentLogin()));
 }
- //! redirect ?select=tab
 }
 
 function auth_error($exception = null) {
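Review bot: The new key check guards only the branch that writes the `adminer_permanent` cookie. The read path, visible as context in the second hunk, still passes `$adminer->permanentLogin()` straight to `decrypt_string()`. The block around that call starts outside the hunk, so an existing guard may already cover it. If not, a cookie supplied by the client would be decrypted under an empty key and the result stored as the session password. I would mirror the check there: `if ($key = $adminer->permanentLogin()) { set_session("passwords", decrypt_string($cipher, $key)); }`. The write-side test is also truthiness only, so any non-empty string counts as a valid key. A short comment on that line should say what "valid" means here, and that the stored database password is only as well protected as this key.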