diff options
author | Lukas Fleischer <archlinux@cryptocrack.de> | 2011-06-25 11:39:19 +0200 |
---|---|---|
committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2011-06-25 11:58:20 +0200 |
commit | 0f994df357c3aa9d7a29cca711cb5f6d29a4b614 (patch) | |
tree | 48b5d831294b1742857dcb3f8c742e60d5e89279 /web | |
parent | e686b495a86fd7d1fd537dea56fa9b9e148045f7 (diff) | |
download | aurweb-0f994df357c3aa9d7a29cca711cb5f6d29a4b614.tar.xz |
Simplify session ID generation
There was too much voodoo going on in new_sid(). Just use uniqid() with
a random seed and the optional entropy parameter to generate MD5 input.
Use the remote IP address as a salt to reduce the chance of two clients
getting the same ID if they login at exactly the same time.
Thanks-to: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web')
-rw-r--r-- | web/lib/aur.inc.php | 11 |
1 files changed, 1 insertions, 10 deletions
diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php index 73f8fd3..00a8c8c 100644 --- a/web/lib/aur.inc.php +++ b/web/lib/aur.inc.php @@ -91,16 +91,7 @@ function make_seed() { # generate a (hopefully) unique session id # function new_sid() { - mt_srand(make_seed()); - $ts = time(); - $pid = getmypid(); - - $rand_num = mt_rand(); - mt_srand(make_seed()); - $rand_str = substr(md5(mt_rand()),2, 20); - - $id = $rand_str . strtolower(md5($ts.$pid)) . $rand_num; - return strtoupper(md5($id)); + return md5($_SERVER['REMOTE_ADDR'] . uniqid(mt_rand(), true)); } |