external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Simplify session ID generation

Browse source 
There was too much voodoo going on in new_sid(). Just use uniqid() with
a random seed and the optional entropy parameter to generate MD5 input.

Use the remote IP address as a salt to reduce the chance of two clients
getting the same ID if they login at exactly the same time.

Thanks-to: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
Lukas Fleischer 2011-06-25 11:39:19 +02:00
parent e686b495a8
commit 0f994df357
1 changed files with 1 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
web/lib/aur.inc.php
View file

@ -91,16 +91,7 @@ function make_seed() {
# generate a (hopefully) unique session id
#
function new_sid() {
mt_srand(make_seed());
$ts = time();
$pid = getmypid();
$rand_num = mt_rand();
mt_srand(make_seed());
$rand_str = substr(md5(mt_rand()),2, 20);
$id = $rand_str . strtolower(md5($ts.$pid)) . $rand_num;
return strtoupper(md5($id));
return md5($_SERVER['REMOTE_ADDR'] . uniqid(mt_rand(), true));
}