-rw-r--r-- | engine/lib/api.php | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/engine/lib/api.php b/engine/lib/api.php
index c87b67b32..191051b47 100644
--- a/engine/lib/api.php
+++ b/engine/lib/api.php
@@ -294,9 +294,13 @@ global $CONFIG;
 $site = $CONFIG->site_id;
- $token = md5(mt_rand(). microtime() . $username . $password);
+ $user = get_user_by_username($username);
+ $time = time();
+ $token = md5(rand(). microtime() . $username . $password . $time . $site);
+
+ if (!$user) return false;
- if (insert_data("INSERT into {$CONFIG->dbprefix}users_apisessions (user_guid, site_guid, token, expires) values () on duplicate key update token='$token'"))
+ if (insert_data("INSERT into {$CONFIG->dbprefix}users_apisessions (user_guid, site_guid, token, expires) values ({$user->guid}, $site, '$token', '$time') on duplicate key update token='$token'"))
 return $token;
 return false; |
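Review bot: The session token on the new `$token = md5(rand(). microtime() …)` line is built from `rand()`, `microtime()`, `time()` and values the caller already knows, none of which is a cryptographically secure source, so the credential that authenticates later API calls is more guessable than its length suggests; it should come from the platform CSPRNG, e.g. `$token = bin2hex(random_bytes(32));` where the runtime provides it, and `$password` should not be mixed into the hash at all. The INSERT also writes `$time` (the current time) into `expires`, and the `on duplicate key update` clause refreshes only `token`, so the expiry looks either already past or never renewed; consider storing `$time + <lifetime>` and adding `expires=values(expires)` to the update, after confirming how the column is checked on lookup. The values are interpolated straight into the SQL string; they are server-derived here, but casting with `(int)$user->guid` and `(int)$site` would keep that true if their sources ever change. The enclosing function starts and ends outside the hunk, so whether `$password` is verified before a token is issued cannot be seen from these lines.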