[aur-dev] [PATCH 5/5] check if new SessionID already exists

Wed Jun 22 15:36:44 EDT 2011

Signed-off-by: Florian Pritz <bluewind at xinu.at>
---
 web/lib/aur.inc.php |   12 ++++++++++--
 1 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
index 382578c..3d1688a 100644
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@@ -89,8 +89,16 @@ function new_sid() {
 
 	$rand_str = substr(md5(mt_rand()),2, 20);
 
-	$id = $rand_str . strtolower(md5($ts.$pid)) . mt_rand();
-	return strtoupper(md5($id));
+	$id = strtoupper(md5($rand_str . strtolower(md5($ts.$pid)) . mt_rand()));
+
+	$dbh = db_connect();
+	$q = "SELECT SessionID FROM Sessions WHERE `SessionID` = '".mysql_real_escape_string($id)."'";
+	$result = db_query($q, $dbh);
+	if (mysql_num_rows($result) == 0) {
+		return $id;
+	} else {
+		return new_sid();
+	}
 }
 
 
-- 
1.7.5.4
