On Wed, Jun 22, 2011 at 09:36:44PM +0200, Florian Pritz wrote: > Signed-off-by: Florian Pritz <bluew...@xinu.at> > --- > web/lib/aur.inc.php | 12 ++++++++++-- > 1 files changed, 10 insertions(+), 2 deletions(-) > > diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php > index 382578c..3d1688a 100644 > --- a/web/lib/aur.inc.php > +++ b/web/lib/aur.inc.php > @@ -89,8 +89,16 @@ function new_sid() { > > $rand_str = substr(md5(mt_rand()),2, 20); > > - $id = $rand_str . strtolower(md5($ts.$pid)) . mt_rand(); > - return strtoupper(md5($id)); > + $id = strtoupper(md5($rand_str . strtolower(md5($ts.$pid)) . > mt_rand())); > + > + $dbh = db_connect(); > + $q = "SELECT SessionID FROM Sessions WHERE `SessionID` = > '".mysql_real_escape_string($id)."'"; > + $result = db_query($q, $dbh); > + if (mysql_num_rows($result) == 0) { > + return $id; > + } else { > + return new_sid(); > + }
-1. new_sid() is (mis-)used at some other places as well, plus there's an additional check in try_login() which ensures we don't use the same session ID twice (even tough there's only a 8.27E-25 chance this will ever happen). > } > > > -- > 1.7.5.4