author | Graham Eames <grahamje@users.sourceforge.net> | 2005-11-03 20:53:47 +0000 |
---|---|---|
committer | Graham Eames <grahamje@users.sourceforge.net> | 2005-11-03 20:53:47 +0000 |
commit | 24efdfcd883eebf36d7f31f1e194bcf4ba444980 (patch) | |
tree | 14bce2edaf8416d7b934429ec5f4e64e642f6a45 /phpBB/includes/session.php | |
parent | 759e33f759a3feeef258765e3599c8a391f66b75 (diff) | |
I'm merging a few changes that we made to the session code in 2.0 into
this code stream as well. This should work, but equally it might break
the autologin :-)
git-svn-id: file:///svn/phpbb/trunk@5288 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/session.php')
-rw-r--r-- | phpBB/includes/session.php | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index e2141dde59..467d8ce581 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -205,7 +205,7 @@ class session
 WHERE u.user_id = ' . (int) $this->cookie_data['u'] . '
 AND u.user_type <> ' . USER_INACTIVE . "
 AND k.user_id = u.user_id
- AND k.key_id = '" . $db->sql_escape($this->cookie_data['k']) . "'";
+ AND k.key_id = '" . $db->sql_escape(md5($this->cookie_data['k'])) . "'";
 $result = $db->sql_query($sql);
 $this->data = $db->sql_fetchrow($result);
@@ -657,8 +657,9 @@ class session
 $user_ip = ($user_ip === false) ? $this->ip : $user_ip;
 $key = ($key === false) ? ((!empty($this->cookie_data['k'])) ? $this->cookie_data['k'] : false) : $key;
+ $key_id = unique_id(hexdec(substr($this->session_id, 0, 8)));
 $sql_ary = array(
- 'key_id' => (string) md5(unique_id()),
+ 'key_id' => (string) md5($key_id),
 'last_ip' => (string) $this->ip,
 'last_login' => (int) time()
 );
@@ -672,8 +673,9 @@ class session
 $sql = ($key) ? 'UPDATE ' . SESSIONS_KEYS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' WHERE user_id = ' . (int) $user_id . ' AND key_id = "' . $db->sql_escape($key) . '"' : 'INSERT INTO ' . SESSIONS_KEYS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
 $db->sql_query($sql);
- $this->cookie_data['k'] = $sql_ary['key_id'];
+ $this->cookie_data['k'] = $key_id;
 unset($sql_ary);
+ unset($key_id)
 return false;
 } |
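Review bot: Key rows written before this change can no longer match the new `md5($this->cookie_data['k'])` comparison in the hunk at -205,7, because the old code stored `md5(unique_id())` in `key_id` and put that same value in `cookie_data['k']`. Those rows stay in the keys table unused unless something outside this diff prunes them, so a one-off cleanup at upgrade time would be worth adding. The comparison also deserves a comment such as `// only md5() of the autologin key is stored; the raw key exists only in the cookie`, since the hashing is easy to miss when reading the query. The query's opening lines are outside the hunk.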
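Review bot: The new `$key_id` in the hunk at -657,8 is seeded from the first eight hex digits of `$this->session_id`, a value the client already holds and that is exposed wherever the session id is. unique_id() is not visible on this page, so if its result depends only on that seed, the autologin key could be derived from the session id, whereas the removed `md5(unique_id())` took no caller-supplied seed. Confirm that unique_id() mixes in server-side randomness, and record the requirement next to the call, e.g. `// must stay unpredictable even when session_id is known`. The enclosing method starts and ends outside this hunk.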
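Review bot: The added `unset($key_id)` in the hunk at -672,8 has no terminating semicolon, so the `return false;` that follows makes session.php fail to parse; it should read `unset($key_id);`. Separately, the unchanged UPDATE branch on the `$sql` line still filters on `$db->sql_escape($key)`, the raw cookie value, while the table now holds `md5()` of the key. The WHERE clause therefore appears unable to match the existing row, leaving the cookie with a new key that was never stored. Changing it to `AND key_id = "' . $db->sql_escape(md5($key)) . '"'` would keep it consistent with the lookup in the first hunk. The enclosing method begins outside this hunk.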