auth_token api call now functional

git-svn-id: https://code.elgg.org/elgg/trunk@2121 36083f99-b078-4883-b0ff-0f9b5a30f544
author: marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> 2008-09-24 18:35:47 +0000
committer: marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> 2008-09-24 18:35:47 +0000
commit: 4426b6fb5631d430fcac0664a8d011e8ef1e3558 (patch)
tree: 5fc29c6fe2fbeeff9cecb29b569ae5ea06dc7f36 /engine/lib
parent: cb6bac059f98b6f4a67c6bfb92a4e1cc5e4f359e (diff)
download: elgg-4426b6fb5631d430fcac0664a8d011e8ef1e3558.tar.gz
elgg-4426b6fb5631d430fcac0664a8d011e8ef1e3558.tar.bz2
1 files changed, 6 insertions, 2 deletions
diff --git a/engine/lib/api.php b/engine/lib/api.php
index c87b67b32..191051b47 100644
--- a/engine/lib/api.php
+++ b/engine/lib/api.php
@@ -294,9 +294,13 @@
 		global $CONFIG;
 		
 		$site = $CONFIG->site_id;
-		$token = md5(mt_rand(). microtime() . $username . $password);
+		$user = get_user_by_username($username);
+		$time = time();
+		$token = md5(rand(). microtime() . $username . $password . $time . $site);
+		
+		if (!$user) return false; 
 		
-		if (insert_data("INSERT into {$CONFIG->dbprefix}users_apisessions (user_guid, site_guid, token, expires) values () on duplicate key update token='$token'"))
+		if (insert_data("INSERT into {$CONFIG->dbprefix}users_apisessions (user_guid, site_guid, token, expires) values ({$user->guid}, $site, '$token', '$time') on duplicate key update token='$token'"))
 			return $token;
 			
 		return false;
author	marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>	2008-09-24 18:35:47 +0000
committer	marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>	2008-09-24 18:35:47 +0000
commit	4426b6fb5631d430fcac0664a8d011e8ef1e3558 (patch)
tree	5fc29c6fe2fbeeff9cecb29b569ae5ea06dc7f36 /engine/lib
parent	cb6bac059f98b6f4a67c6bfb92a4e1cc5e4f359e (diff)
download	elgg-4426b6fb5631d430fcac0664a8d011e8ef1e3558.tar.gz elgg-4426b6fb5631d430fcac0664a8d011e8ef1e3558.tar.bz2