Coding standards
Security in ResourceSpace
Developer reference
Database
Action functions
Admin functions
Ajax functions
Annotation functions
API functions
Collections functions
Comment functions
Config functions
CSV export functions
Dash functions
Debug functions
Encryption functions
Facial recognition functions
File functions
General functions
Language functions
Log functions
Login functions
Message functions
Migration functions
Node functions
PDF functions
Plugin functions
Render functions
Reporting functions
Request functions
Research functions
Slideshow functions
Theme permission functions
User functions
Video functions
Database functions
Metadata functions
Resource functions
Search functions
Map functions
Job functions
Tab functions
Test functions

generate_session_hash()

Description

Generates a unique session hash for user authentication.

This function creates a session hash based on either a completely randomized method or a method
that combines a password hash with the current date. It ensures that the generated hash is unique
by checking against existing sessions in the database.

Parameters

ColumnTypeDefaultDescription
$password_hash string The hashed password of the user, used for generating the session hash.

Return

string Returns a unique session hash.

Location

include/login_functions.php lines 226 to 252

Definition

 
function generate_session_hash($password_hash)
    {
    # Generates a unique session hash
    global $randomised_session_hash,$scramble_key;
    
    if ($randomised_session_hash)
        {
        # Completely randomised session hashes. May be more secure, but allows only one user at a time.
        while (true)
            {
            $session=md5(generateSecureKey(128));
            if (ps_value("select count(*) value from user where session=?",array("s",$session),0)==0) {return $session;} # Return a unique hash only.
            }
        }
    else
        {
        # Session hash is based on the password hash and the date, so there is one new session hash each day. Allows two users to use the same login.
        $suffix="";
        while (true)
            {
            $session=md5($scramble_key $password_hash date("Ymd") . $suffix);
            if (ps_value("select count(*) value from user where session=? and password<>?",array("s",$session,"s",$password_hash),0)==0) {return $session;} # Return a unique hash only.
            $suffix.="."# Extremely unlikely case that this was not a unique session (hash collision) - alter the string slightly and try again.
            }
        }   
        
    }

This article was last updated 11th December 2024 11:35 Europe/London time based on the source file dated 25th November 2024 11:45 Europe/London time.