From 61126c77eb06947375223b3ca8f56ed59d2fa3f6 Mon Sep 17 00:00:00 2001
From: Daniel Winzen
Date: Thu, 25 Aug 2016 14:59:50 +0200
Subject: [PATCH] Hash collisions are extremely unlikely, simplify check for it.
---
 chat.php | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/chat.php b/chat.php
index 0eca04e..528797c 100644
--- a/chat.php
+++ b/chat.php
@@ -2060,10 +2060,10 @@ function create_session($setup){
 function write_new_session(){
 global $I, $P, $U, $db;
- parse_sessions();
 $stmt=$db->prepare('SELECT * FROM ' . PREFIX . 'sessions WHERE nickname=?;');
 $stmt->execute(array($U['nickname']));
 if($temp=$stmt->fetch(PDO::FETCH_ASSOC)){
+ // check whether alrady logged in
 if($U['passhash']===$temp['passhash']){
 $U=$temp;
 check_kicked();
@@ -2072,15 +2072,12 @@ function write_new_session(){
 send_error("$I[userloggedin]
$I[wrongpass]");
 }
 }else{
- $sids=[]; // create new session
- $stmt=$db->query('SELECT session FROM ' . PREFIX . 'sessions;');
- while($temp=$stmt->fetch(PDO::FETCH_ASSOC)){
- $sids[$temp['session']]=true;// collect all existing ids
- }
+ $stmt=$db->prepare('SELECT * FROM ' . PREFIX . 'sessions WHERE session=?;');
 do{
 $U['session']=md5(time().mt_rand().$U['nickname']);
- }while(isSet($sids[$U['session']]));// check for hash collision
+ $stmt->execute([$U['session']]);
+ }while($stmt->fetch(PDO::FETCH_NUM)); // check for hash collision
 if(isSet($_SERVER['HTTP_USER_AGENT'])){
 $useragent=htmlspecialchars($_SERVER['HTTP_USER_AGENT']);
 }else{
@@ -3735,7 +3732,7 @@ function load_lang(){
 function load_config(){
 date_default_timezone_set('UTC');
 define('VERSION', '1.20.6'); // Script version
- define('DBVERSION', 26); // Database version
+ define('DBVERSION', 26); // Database layout version
 define('MSGENCRYPTED', false); // Store messages encrypted in the database to prevent other database users from reading them - true/false - visit the setup page after editing!
 define('ENCRYPTKEY', 'MY_KEY'); // Encryption key for messages
 define('DBHOST', 'localhost'); // Database host
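Review bot: The session id in the second hunk (`write_new_session()`) is still `md5(time().mt_rand().$U['nickname'])`, whose inputs are a timestamp, a non-cryptographic PRNG and a public nickname, so the value that authenticates the user is more predictable than a 128-bit token should be; simplifying the collision check leaves that untouched. Where PHP 7 is available, `$U['session']=bin2hex(random_bytes(16));` keeps the 32-character hex format and draws from the system CSPRNG. The new check is also select-then-insert: the INSERT lies outside the hunk, so whether `session` carries a unique index is not visible here, and without one two concurrent logins could both pass the loop with the same id. The function's body starts before and ends after this hunk.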