aboutsummaryrefslogtreecommitdiff
path: root/engine
diff options
context:
space:
mode:
Diffstat (limited to 'engine')
-rw-r--r--engine/lib/api.php8
1 files changed, 6 insertions, 2 deletions
diff --git a/engine/lib/api.php b/engine/lib/api.php
index c87b67b32..191051b47 100644
--- a/engine/lib/api.php
+++ b/engine/lib/api.php
@@ -294,9 +294,13 @@
global $CONFIG;
$site = $CONFIG->site_id;
- $token = md5(mt_rand(). microtime() . $username . $password);
+ $user = get_user_by_username($username);
+ $time = time();
+ $token = md5(rand(). microtime() . $username . $password . $time . $site);
+
+ if (!$user) return false;
- if (insert_data("INSERT into {$CONFIG->dbprefix}users_apisessions (user_guid, site_guid, token, expires) values () on duplicate key update token='$token'"))
+ if (insert_data("INSERT into {$CONFIG->dbprefix}users_apisessions (user_guid, site_guid, token, expires) values ({$user->guid}, $site, '$token', '$time') on duplicate key update token='$token'"))
return $token;
return false;
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-30 06:18:25 +0000