includes/sessions.php
changeset 700 491314c44d23
parent 697 8e9ba8b131fa
child 711 f70d764aab33
699:c7d737202d59 700:491314c44d23
   884    * @return bool
   884    * @return bool
   885    */
   885    */
   886    
   886    
   887   function register_session($user_id, $username, $password, $level = USER_LEVEL_MEMBER, $remember = false)
   887   function register_session($user_id, $username, $password, $level = USER_LEVEL_MEMBER, $remember = false)
   888   {
   888   {
       
   889     global $db, $session, $paths, $template, $plugins; // Common objects
       
   890     
   889     // Random key identifier
   891     // Random key identifier
   890     $salt = md5(microtime() . mt_rand());
   892     $salt = md5(microtime() . mt_rand());
   891     
   893     
   892     // SHA1 hash of password, stored in the key
   894     // SHA1 hash of password, stored in the key
   893     $passha1 = sha1($password);
   895     $passha1 = sha1($password);
   931       die('Somehow an SQL injection attempt crawled into our session registrar! (1)');
   933       die('Somehow an SQL injection attempt crawled into our session registrar! (1)');
   932     if(!is_int($level))
   934     if(!is_int($level))
   933       die('Somehow an SQL injection attempt crawled into our session registrar! (2)');
   935       die('Somehow an SQL injection attempt crawled into our session registrar! (2)');
   934     
   936     
   935     // All done!
   937     // All done!
   936     $query = $this->sql('INSERT INTO '.table_prefix.'session_keys(session_key, salt, user_id, auth_level, source_ip, time, key_type) VALUES(\''.$keyhash.'\', \''.$salt.'\', '.$user_id.', '.$level.', \''.$ip.'\', '.$time.', ' . $key_type . ');');
   938     $query = $db->sql_query('INSERT INTO '.table_prefix.'session_keys(session_key, salt, user_id, auth_level, source_ip, time, key_type) VALUES(\''.$keyhash.'\', \''.$salt.'\', '.$user_id.', '.$level.', \''.$ip.'\', '.$time.', ' . $key_type . ');');
       
   939     if ( !$query && defined('IN_ENANO_UPGRADE') )
       
   940       // we're trying to upgrade so the key_type column is probably missing - try it again without specifying the key type
       
   941       $this->sql('INSERT INTO '.table_prefix.'session_keys(session_key, salt, user_id, auth_level, source_ip, time) VALUES(\''.$keyhash.'\', \''.$salt.'\', '.$user_id.', '.$level.', \''.$ip.'\', '.$time.');');
       
   942       
   937     return true;
   943     return true;
   938   }
   944   }
   939   
   945   
   940   /**
   946   /**
   941    * Identical to register_session in nature, but uses the old login/table structure. DO NOT use this except in the upgrade script under very controlled circumstances.
   947    * Identical to register_session in nature, but uses the old login/table structure. DO NOT use this except in the upgrade script under very controlled circumstances.
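Review bot: The upgrade-path retry on new line 941 still calls `$this->sql(...)` although new line 938 was switched to `$db->sql_query(...)`, and its result is discarded, so `register_session` reaches `return true;` even when neither INSERT stored a session key. Outside `IN_ENANO_UPGRADE`, a failed first query also falls through to `return true;`, so the caller is told a session exists when no row was written. I would route the retry through the same call and check it, e.g. `$query = $db->sql_query(/* same INSERT without key_type */);` followed by `if ( !$query ) return false;`. The `if` on line 939 should also get braces, since a comment line sits between the condition and its single statement. Part of the function body (new lines 896–932) lies outside the visible context, so how `$keyhash`, `$ip` and `$time` are validated before concatenation cannot be confirmed from here.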