From 3338fcdd19eecde43f5780f29572fb31a64693bf Mon Sep 17 00:00:00 2001
From: David Anderson <davea@ssl.berkeley.edu>
Date: Wed, 28 Feb 2018 16:27:00 -0800
Subject: [PATCH] web: in download.php, use current login token if recent

Generate a new login token only if the current one is older than a day.
That way if a user does several downloads in quick succession
(for whatever reason) autoattach will work with all of them.
---
 html/inc/account.inc | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/html/inc/account.inc b/html/inc/account.inc
index fd574a94ce..7423e7e80e 100644
--- a/html/inc/account.inc
+++ b/html/inc/account.inc
@@ -20,11 +20,15 @@
 // - forms for create / login
 // - function to make login token
 
-// make login token, store in user record, return token
+// If have recent token, return it.
+// Else make login token, store in user record, return token
 //
 function make_login_token($user) {
-    $token = substr(random_string(), 0, 8);
     $now = time();
+    if ($now - $user->login_token_time < 86400) {
+        return $user->login_token;
+    }
+    $token = substr(random_string(), 0, 8);
     $user->update("login_token='$token', login_token_time=$now");
     return $token;
 }