From ac70574e79ca5d863310ced07fc7584cd7447e55 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?=
Date: Thu, 3 Jan 2013 18:53:32 +0100
Subject: [PATCH] Use secure comparing for the access token

---
 wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php b/wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php
index ff38e352f2..7b221f2a04 100644
--- a/wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php
+++ b/wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php
@@ -4,6 +4,7 @@ use wcf\data\user\User;
 use wcf\system\exception\IllegalLinkException;
 use wcf\system\session\SessionHandler;
 use wcf\system\WCF;
+use wcf\util\PasswordUtil;
 use wcf\util\StringUtil;
 
 /**
@@ -36,7 +37,7 @@ abstract class AbstractAuthedPage extends AbstractPage {
 list($userID, $token) = explode('-', StringUtil::trim($_REQUEST['at']));
 
 if (WCF::getUser()->userID) {
-if ($userID == WCF::getUser()->userID && WCF::getUser()->accessToken == $token) {
+if ($userID == WCF::getUser()->userID && PasswordUtil::secureCompare(WCF::getUser()->accessToken, $token)) {
 // everything is fine, but we are already logged in
 return;
 }
@@ -47,7 +48,7 @@ abstract class AbstractAuthedPage extends AbstractPage {
 }
 else {
 $user = new User($userID);
-if ($user->accessToken == $token) {
+if (PasswordUtil::secureCompare($user->accessToken, $token)) {
 // token is valid -> change user
 SessionHandler::getInstance()->changeUser($user, true);
 }
-- 
2.20.1
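Review bot: In the `@@ -36,7 +37,7 @@` hunk the new `PasswordUtil::secureCompare(WCF::getUser()->accessToken, $token)` call still receives whatever `list($userID, $token) = explode('-', ...)` produced, and when the request value contains no `-` that leaves `$token` unset (null), so the constant-time comparison is fed an empty value; the same applies to the `secureCompare($user->accessToken, $token)` call in the `@@ -47,7 +48,7 @@` hunk. Whether `secureCompare` rejects a null or length-mismatched argument is not visible on this page, so the request should be validated before either comparison, for example `$parts = explode('-', StringUtil::trim($_REQUEST['at']));` / `if (count($parts) !== 2) throw new IllegalLinkException();` / `list($userID, $token) = $parts;` — `IllegalLinkException` is already imported in the first hunk. The `$userID == WCF::getUser()->userID` part of the condition is also still a loose comparison, which is worth tightening with an explicit cast once the type of `userID` is confirmed. The enclosing method starts before and ends after both hunks.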
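Review bot: In the `@@ -47,7 +48,7 @@` hunk `$user = new User($userID)` is built from the request-supplied id and `PasswordUtil::secureCompare($user->accessToken, $token)` runs with no check that the user exists, so for an unknown id `accessToken` is presumably null and the outcome depends on how `secureCompare` treats a null first argument, which this page does not show. Guarding on the loaded record keeps the comparison from ever deciding on an empty token: `if ($user->userID && PasswordUtil::secureCompare($user->accessToken, $token)) {`. On PHP 5.6 and later the standard-library primitive for this comparison is `hash_equals()`, which also rejects length mismatches, so `secureCompare` could delegate to it where available. The method body continues outside the hunk, so a later existence check may already cover this and should be confirmed.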