On Wed, Jun 22, 2011 at 09:36:44PM +0200, Florian Pritz wrote:
> Signed-off-by: Florian Pritz <bluew...@xinu.at>
> ---
>  web/lib/aur.inc.php |   12 ++++++++++--
>  1 files changed, 10 insertions(+), 2 deletions(-)
> 
> diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
> index 382578c..3d1688a 100644
> --- a/web/lib/aur.inc.php
> +++ b/web/lib/aur.inc.php
> @@ -89,8 +89,16 @@ function new_sid() {
>  
>       $rand_str = substr(md5(mt_rand()),2, 20);
>  
> -     $id = $rand_str . strtolower(md5($ts.$pid)) . mt_rand();
> -     return strtoupper(md5($id));
> +     $id = strtoupper(md5($rand_str . strtolower(md5($ts.$pid)) . 
> mt_rand()));
> +
> +     $dbh = db_connect();
> +     $q = "SELECT SessionID FROM Sessions WHERE `SessionID` = 
> '".mysql_real_escape_string($id)."'";
> +     $result = db_query($q, $dbh);
> +     if (mysql_num_rows($result) == 0) {
> +             return $id;
> +     } else {
> +             return new_sid();
> +     }

-1. new_sid() is (mis-)used at some other places as well, plus there's
an additional check in try_login() which ensures we don't use the same
session ID twice (even though there's only an 8.27E-25 chance this will
ever happen).

>  }
>  
>  
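
Review bot: The uniqueness check added here (`SELECT SessionID FROM Sessions ...` followed by `mysql_num_rows($result) == 0`) is not atomic with the later insert of the session row, so two concurrent requests can both see zero rows for the same `$id`. Enforcing uniqueness with a unique key on `Sessions.SessionID` at insert time, and retrying on a duplicate-key failure, would close that window. The result of `db_query()` is passed to `mysql_num_rows()` unchecked, so if the query returns a failure value instead of a result, the `== 0` comparison can still succeed and an unverified `$id` is returned. The `return new_sid();` retry recurses without a bound and calls `db_connect()` again on each attempt; a loop with a retry limit would be clearer. The check also leaves predictability untouched: the ID is still derived from `mt_rand()`, which is not a cryptographically secure generator.
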
> -- 
> 1.7.5.4
