-rw-r--r--engine/lib/api.php8
1 files changed, 6 insertions, 2 deletions
diff --git a/engine/lib/api.php b/engine/lib/api.php
index c87b67b32..191051b47 100644
--- a/engine/lib/api.php
+++ b/engine/lib/api.php
@@ -294,9 +294,13 @@
global $CONFIG;
$site = $CONFIG->site_id;
- $token = md5(mt_rand(). microtime() . $username . $password);
+ $user = get_user_by_username($username);
+ $time = time();
+ $token = md5(rand(). microtime() . $username . $password . $time . $site);
+
+ if (!$user) return false;
- if (insert_data("INSERT into {$CONFIG->dbprefix}users_apisessions (user_guid, site_guid, token, expires) values () on duplicate key update token='$token'"))
+ if (insert_data("INSERT into {$CONFIG->dbprefix}users_apisessions (user_guid, site_guid, token, expires) values ({$user->guid}, $site, '$token', '$time') on duplicate key update token='$token'"))
return $token;
return false;
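Review bot: The session token on the new `$token = md5(rand(). microtime() ...)` line is still built from guessable inputs (`rand()`, `microtime()`, `time()`, the site id and the caller's own credentials), and hashing them with MD5 adds no entropy, so this bearer token may be predictable; switching from `mt_rand()` to `rand()` does not improve that. Where the runtime offers a CSPRNG, prefer `$token = bin2hex(random_bytes(16));`, which keeps the 32-hex-character shape and keeps the password out of the token material. Separately, `expires` is written as `$time`, the moment of creation, and the `on duplicate key update` clause refreshes only `token`; unless the validating side adds a lifetime itself (not visible here), store `$time + <session lifetime>` and update `expires` in the same clause. The enclosing function starts and ends outside this hunk, so how `$password` is verified before a token is issued cannot be judged from here.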