Mercurial Mercurial > repos > enano-1.1 / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
includes/sessions.php
changeset 697 8e9ba8b131fa
parent 691 dab7850c098d
child 711 f70d764aab33
equal deleted inserted replaced
694:43367c66d869 697:8e9ba8b131fa 
   884    * @return bool
 
   884    * @return bool
 
   885    */
 
   885    */
 
   886    
   886    
   887   function register_session($user_id, $username, $password, $level = USER_LEVEL_MEMBER, $remember = false)
 
   887   function register_session($user_id, $username, $password, $level = USER_LEVEL_MEMBER, $remember = false)
 
   888   {
 
   888   {
 
       
   889     global $db, $session, $paths, $template, $plugins; // Common objects
 
       
   890     
   889     // Random key identifier
 
   891     // Random key identifier
 
   890     $salt = md5(microtime() . mt_rand());
 
   892     $salt = md5(microtime() . mt_rand());
 
   891     
   893     
   892     // SHA1 hash of password, stored in the key
 
   894     // SHA1 hash of password, stored in the key
 
   893     $passha1 = sha1($password);
 
   895     $passha1 = sha1($password);
 
   931       die('Somehow an SQL injection attempt crawled into our session registrar! (1)');
 
   933       die('Somehow an SQL injection attempt crawled into our session registrar! (1)');
 
   932     if(!is_int($level))
 
   934     if(!is_int($level))
 
   933       die('Somehow an SQL injection attempt crawled into our session registrar! (2)');
 
   935       die('Somehow an SQL injection attempt crawled into our session registrar! (2)');
 
   934     
   936     
   935     // All done!
 
   937     // All done!
 
   936     $query = $this->sql('INSERT INTO '.table_prefix.'session_keys(session_key, salt, user_id, auth_level, source_ip, time, key_type) VALUES(\''.$keyhash.'\', \''.$salt.'\', '.$user_id.', '.$level.', \''.$ip.'\', '.$time.', ' . $key_type . ');');
 
   938     $query = $db->sql_query('INSERT INTO '.table_prefix.'session_keys(session_key, salt, user_id, auth_level, source_ip, time, key_type) VALUES(\''.$keyhash.'\', \''.$salt.'\', '.$user_id.', '.$level.', \''.$ip.'\', '.$time.', ' . $key_type . ');');
 
       
   939     if ( !$query && defined('IN_ENANO_UPGRADE') )
 
       
   940       // we're trying to upgrade so the key_type column is probably missing - try it again without specifying the key type
 
       
   941       $this->sql('INSERT INTO '.table_prefix.'session_keys(session_key, salt, user_id, auth_level, source_ip, time) VALUES(\''.$keyhash.'\', \''.$salt.'\', '.$user_id.', '.$level.', \''.$ip.'\', '.$time.');');
 
       
   942       
   937     return true;
 
   943     return true;
 
   938   }
 
   944   }
 
   939   
   945   
   940   /**
 
   946   /**
 
   941    * Identical to register_session in nature, but uses the old login/table structure. DO NOT use this except in the upgrade script under very controlled circumstances.
 
   947    * Identical to register_session in nature, but uses the old login/table structure. DO NOT use this except in the upgrade script under very controlled circumstances.
Enano CMS (1.1.x)