Signed-off-by: Florian Pritz <bluew...@xinu.at>
---
 web/lib/aur.inc.php |   12 ++++++++++--
 1 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
index 382578c..3d1688a 100644
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@@ -89,8 +89,16 @@ function new_sid() {
 
        $rand_str = substr(md5(mt_rand()),2, 20);
 
-       $id = $rand_str . strtolower(md5($ts.$pid)) . mt_rand();
-       return strtoupper(md5($id));
+       $id = strtoupper(md5($rand_str . strtolower(md5($ts.$pid)) . 
mt_rand()));
+
+       $dbh = db_connect();
+       $q = "SELECT SessionID FROM Sessions WHERE `SessionID` = 
'".mysql_real_escape_string($id)."'";
+       $result = db_query($q, $dbh);
+       if (mysql_num_rows($result) == 0) {
+               return $id;
+       } else {
+               return new_sid();
+       }
 }
 
 
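Review bot: The session ID is still built from `mt_rand()`, a timestamp and a PID hashed with MD5, so the added lookup only guards against collisions and leaves the token guessable. Drawing it from a CSPRNG, e.g. `$id = strtoupper(bin2hex(openssl_random_pseudo_bytes(16)));`, keeps the 32-character uppercase hex format and makes collisions negligible as well. The SELECT-then-return check is also not atomic: two requests can pass it with the same ID before either row is inserted, so a UNIQUE constraint on `Sessions.SessionID` with a retry on insert failure is the reliable guard (whether one already exists is not visible here). The result of `db_query()` goes to `mysql_num_rows()` unchecked; if the query fails and returns false, the `== 0` comparison likely passes and an unverified ID is returned. The start of `new_sid()`, where `$ts` and `$pid` are set, lies outside this hunk.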
-- 
1.7.5.4
