From e5063677dfe9c2960d8ebd125fc99ed910f3c552 Mon Sep 17 00:00:00 2001
From: Florian Pritz
Date: Wed, 22 Jun 2011 21:20:03 +0200
Subject: check if new SessionID already exists
Signed-off-by: Florian Pritz
---
 web/lib/aur.inc.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
(limited to 'web/lib')
diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
index 382578c0..3d1688ac 100644
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@@ -89,8 +89,16 @@ function new_sid() {
 $rand_str = substr(md5(mt_rand()),2, 20);
- $id = $rand_str . strtolower(md5($ts.$pid)) . mt_rand();
- return strtoupper(md5($id));
+ $id = strtoupper(md5($rand_str . strtolower(md5($ts.$pid)) . mt_rand()));
+
+ $dbh = db_connect();
+ $q = "SELECT SessionID FROM Sessions WHERE `SessionID` = '".mysql_real_escape_string($id)."'";
+ $result = db_query($q, $dbh);
+ if (mysql_num_rows($result) == 0) {
+ return $id;
+ } else {
+ return new_sid();
+ }
 }
-- cgit v1.2.3-24-g4f1b
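Review bot: The session identifier is still built from `mt_rand()` and from `$ts`/`$pid` (set above the hunk; by their names a timestamp and a process id), so the token stays predictable even once the new lookup makes it unique. Passing those values through `md5` adds no entropy; drawing the id from a CSPRNG would, for example `$id = strtoupper(bin2hex(openssl_random_pseudo_bytes(16)));` where the openssl extension is available, which keeps the 32-character uppercase hex format. The added SELECT is also a check-then-use: two concurrent requests can both pass it with the same value before either row is written, so a UNIQUE index on `Sessions.SessionID` with a retry on insert failure is the dependable guard (the schema is not visible here). If `db_query` fails, `mysql_num_rows($result) == 0` may still compare true under loose comparison and return an unchecked id, so `$result` should be tested explicitly before use. new_sid() begins outside the hunk.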