mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-05-07 16:15:22 +02:00
Code Issues Releases Wiki Activity

I'm merging a few changes that we made to the session code in 2.0 into

Browse Source 
this code stream as well. This should work, but equally it might break
the autologin :-)


git-svn-id: file:///svn/phpbb/trunk@5288 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Graham Eames 2005-11-03 20:53:47 +00:00
parent 759e33f759
commit 24efdfcd88
2 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
phpBB/includes/functions.php
View File

@ -138,11 +138,12 @@ function gen_rand_string($num_chars)
/**
* Return unique id
* @param $extra additional entropy for call to mt_srand
*/
function unique_id()
function unique_id($extra = 0)
{
list($sec, $usec) = explode(' ', microtime());
mt_srand((float) $sec + ((float) $usec * 100000));
mt_srand((float) $extra + (float) $sec + ((float) $usec * 100000));
return uniqid(mt_rand(), true);
}

8
phpBB/includes/session.php
View File

@ -205,7 +205,7 @@ class session
WHERE u.user_id = ' . (int) $this->cookie_data['u'] . '
AND u.user_type <> ' . USER_INACTIVE . "
AND k.user_id = u.user_id
AND k.key_id = '" . $db->sql_escape($this->cookie_data['k']) . "'";
AND k.key_id = '" . $db->sql_escape(md5($this->cookie_data['k'])) . "'";
$result = $db->sql_query($sql);
$this->data = $db->sql_fetchrow($result);
@ -657,8 +657,9 @@ class session
$user_ip = ($user_ip === false) ? $this->ip : $user_ip;
$key = ($key === false) ? ((!empty($this->cookie_data['k'])) ? $this->cookie_data['k'] : false) : $key;
$key_id = unique_id(hexdec(substr($this->session_id, 0, 8)));
$sql_ary = array(
'key_id' => (string) md5(unique_id()),
'key_id' => (string) md5($key_id),
'last_ip' => (string) $this->ip,
'last_login' => (int) time()
);
@ -672,8 +673,9 @@ class session
$sql = ($key) ? 'UPDATE ' . SESSIONS_KEYS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' WHERE user_id = ' . (int) $user_id . ' AND key_id = "' . $db->sql_escape($key) . '"' : 'INSERT INTO ' . SESSIONS_KEYS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
$db->sql_query($sql);
$this->cookie_data['k'] = $sql_ary['key_id'];
$this->cookie_data['k'] = $key_id;
unset($sql_ary);
unset($key_id)
return false;
}