summaryrefslogtreecommitdiffstats
path: root/web
diff options
context:
space:
mode:
authorLukas Fleischer <archlinux@cryptocrack.de>2011-06-25 11:39:19 +0200
committerLukas Fleischer <archlinux@cryptocrack.de>2011-06-25 11:58:20 +0200
commit0f994df357c3aa9d7a29cca711cb5f6d29a4b614 (patch)
tree48b5d831294b1742857dcb3f8c742e60d5e89279 /web
parente686b495a86fd7d1fd537dea56fa9b9e148045f7 (diff)
downloadaurweb-0f994df357c3aa9d7a29cca711cb5f6d29a4b614.tar.xz
Simplify session ID generation
There was too much voodoo going on in new_sid(). Just use uniqid() with a random seed and the optional entropy parameter to generate MD5 input. Use the remote IP address as a salt to reduce the chance of two clients getting the same ID if they login at exactly the same time. Thanks-to: Florian Pritz <bluewind@xinu.at> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web')
-rw-r--r--web/lib/aur.inc.php11
1 files changed, 1 insertions, 10 deletions
diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
index 73f8fd3..00a8c8c 100644
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@@ -91,16 +91,7 @@ function make_seed() {
# generate a (hopefully) unique session id
#
function new_sid() {
- mt_srand(make_seed());
- $ts = time();
- $pid = getmypid();
-
- $rand_num = mt_rand();
- mt_srand(make_seed());
- $rand_str = substr(md5(mt_rand()),2, 20);
-
- $id = $rand_str . strtolower(md5($ts.$pid)) . $rand_num;
- return strtoupper(md5($id));
+ return md5($_SERVER['REMOTE_ADDR'] . uniqid(mt_rand(), true));
}