Collections functions
General functions
Node functions
Render functions
Theme permission functions
User functions
Resource functions

generate_session_hash()

Parameters

ColumnTypeDefaultDescription
$password_hash

Location

include/login_functions.php lines 216 to 242

Definition

 
function generate_session_hash($password_hash)
    {
    
# Generates a unique session hash
    
global $randomised_session_hash,$scramble_key;
    
    if (
$randomised_session_hash)
        {
        
# Completely randomised session hashes. May be more secure, but allows only one user at a time.
        
while (true)
            {
            
$session=md5(rand() . microtime());
            if (
ps_value("select count(*) value from user where session=?",array("s",$session),0)==0) {return $session;} # Return a unique hash only.
            
}
        }
    else
        {
        
# Session hash is based on the password hash and the date, so there is one new session hash each day. Allows two users to use the same login.
        
$suffix="";
        while (
true)
            {
            
$session=md5($scramble_key $password_hash date("Ymd") . $suffix);
            if (
ps_value("select count(*) value from user where session=? and password<>?",array("s",$session,"s",$password_hash),0)==0) {return $session;} # Return a unique hash only.
            
$suffix.="."# Extremely unlikely case that this was not a unique session (hash collision) - alter the string slightly and try again.
            
}
        }   
        
    }

This article was last updated 19th March 2024 11:05 Europe/London time based on the source file dated 20th February 2024 17:10 Europe/London time.