Diffstat (limited to 'web/lib')
-rw-r--r-- | web/lib/aur.inc | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/web/lib/aur.inc b/web/lib/aur.inc
index 47156487..02580604 100644
--- a/web/lib/aur.inc
+++ b/web/lib/aur.inc
@@ -78,7 +78,7 @@ function check_sid() {
 $q = "SELECT LastUpdateTS, UNIX_TIMESTAMP() FROM Sessions ";
 $q.= "WHERE SessionID = '" . mysql_real_escape_string($_COOKIE["AURSID"]) . "'";
 $result = db_query($q, $dbh);
- if (!$result) {
+ if (mysql_num_rows($result) == 0) {
 # Invalid SessionID - hacker alert!
 #
 $failed = 1;
@@ -91,12 +91,10 @@ function check_sid() {
 }
 if ($failed == 1) {
 # clear out the hacker's cookie, and send them to a naughty page
+ # why do you have to be so harsh on these people!?
 #
 setcookie("AURSID", "", time() - (60*60*24*30), "/");
- # I think it's probably safe to do the same as below with this
- # but not really vital at this point
- header("Location: /hacker.php");
-
+ unset($_COOKIE['AURSID']);
 } elseif ($failed == 2) {
 # visitor's session id either doesn't exist, or the timeout
 # was reached and they must login again, send them back to |
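Review bot: The new condition `mysql_num_rows($result) == 0` drops the old `!$result` test, so a failed session lookup is passed straight to mysql_num_rows(). If db_query() can return false, as the removed line suggests, the call raises a warning and the branch is taken only because the loose `==` treats the falsy return as 0. Make the fail-closed path explicit with `if (!$result || mysql_num_rows($result) == 0) {`. check_sid() starts and ends outside this hunk.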
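Review bot: The context comment `# clear out the hacker's cookie, and send them to a naughty page` is stale now that the redirect to /hacker.php is removed, and the added comment does not say what the branch does instead. I would replace both with `# unknown session id: expire the cookie and drop it from this request; the visitor continues as logged out`. Because execution now falls through instead of redirecting, it is worth confirming that nothing later in check_sid(), which continues outside this hunk, still treats the request as authenticated. An unknown session id is also a useful signal to log at this point, since the branch otherwise handles it silently.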