diff options
| author | Florian Pritz <bluewind@xinu.at> | 2011-06-22 21:20:03 +0200 |
|---|---|---|
| committer | Florian Pritz <bluewind@xinu.at> | 2011-06-22 21:20:03 +0200 |
| commit | e5063677dfe9c2960d8ebd125fc99ed910f3c552 (patch) | |
| tree | 63367b366e5b10e226c4be39eaff5fe9234e60a9 | |
| parent | adbb59308024bfb6386eaa4a9d1a2eb6591b8456 (diff) | |
| download | aur-e5063677dfe9c2960d8ebd125fc99ed910f3c552.tar.gz aur-e5063677dfe9c2960d8ebd125fc99ed910f3c552.tar.xz | |
check if new SessionID already existsworking
Signed-off-by: Florian Pritz <bluewind@xinu.at>
| -rw-r--r-- | web/lib/aur.inc.php | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php index 382578c0..3d1688ac 100644 --- a/web/lib/aur.inc.php +++ b/web/lib/aur.inc.php @@ -89,8 +89,16 @@ function new_sid() { $rand_str = substr(md5(mt_rand()),2, 20); - $id = $rand_str . strtolower(md5($ts.$pid)) . mt_rand(); - return strtoupper(md5($id)); + $id = strtoupper(md5($rand_str . strtolower(md5($ts.$pid)) . mt_rand())); + + $dbh = db_connect(); + $q = "SELECT SessionID FROM Sessions WHERE `SessionID` = '".mysql_real_escape_string($id)."'"; + $result = db_query($q, $dbh); + if (mysql_num_rows($result) == 0) { + return $id; + } else { + return new_sid(); + } } |