From 4426b6fb5631d430fcac0664a8d011e8ef1e3558 Mon Sep 17 00:00:00 2001
From: marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Wed, 24 Sep 2008 18:35:47 +0000
Subject: auth_token api call now functional

git-svn-id: https://code.elgg.org/elgg/trunk@2121 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/api.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'engine/lib')

diff --git a/engine/lib/api.php b/engine/lib/api.php
index c87b67b32..191051b47 100644
--- a/engine/lib/api.php
+++ b/engine/lib/api.php
@@ -294,9 +294,13 @@
 		global $CONFIG;
 		
 		$site = $CONFIG->site_id;
-		$token = md5(mt_rand(). microtime() . $username . $password);
+		$user = get_user_by_username($username);
+		$time = time();
+		$token = md5(rand(). microtime() . $username . $password . $time . $site);
+		
+		if (!$user) return false; 
 		
-		if (insert_data("INSERT into {$CONFIG->dbprefix}users_apisessions (user_guid, site_guid, token, expires) values () on duplicate key update token='$token'"))
+		if (insert_data("INSERT into {$CONFIG->dbprefix}users_apisessions (user_guid, site_guid, token, expires) values ({$user->guid}, $site, '$token', '$time') on duplicate key update token='$token'"))
 			return $token;
 			
 		return false;
-- 
cgit v1.2.3