summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFlorian Pritz <bluewind@xinu.at>2011-06-22 21:20:03 +0200
committerFlorian Pritz <bluewind@xinu.at>2011-06-22 21:20:03 +0200
commite5063677dfe9c2960d8ebd125fc99ed910f3c552 (patch)
tree63367b366e5b10e226c4be39eaff5fe9234e60a9
parentadbb59308024bfb6386eaa4a9d1a2eb6591b8456 (diff)
downloadaur-e5063677dfe9c2960d8ebd125fc99ed910f3c552.tar.gz
aur-e5063677dfe9c2960d8ebd125fc99ed910f3c552.tar.xz
check if new SessionID already existsworking
Signed-off-by: Florian Pritz <bluewind@xinu.at>
-rw-r--r--web/lib/aur.inc.php12
1 files changed, 10 insertions, 2 deletions
diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
index 382578c0..3d1688ac 100644
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@@ -89,8 +89,16 @@ function new_sid() {
$rand_str = substr(md5(mt_rand()),2, 20);
- $id = $rand_str . strtolower(md5($ts.$pid)) . mt_rand();
- return strtoupper(md5($id));
+ $id = strtoupper(md5($rand_str . strtolower(md5($ts.$pid)) . mt_rand()));
+
+ $dbh = db_connect();
+ $q = "SELECT SessionID FROM Sessions WHERE `SessionID` = '".mysql_real_escape_string($id)."'";
+ $result = db_query($q, $dbh);
+ if (mysql_num_rows($result) == 0) {
+ return $id;
+ } else {
+ return new_sid();
+ }
}