Some how there get double records in the database with the same ip, user_agent, sign and seed except the creation time is different and sometimes the counter is different.
The strange thing is that most of the time there are no double items.
I have tried many things but nothing helped, I have tried out the script with:
- PHP 5.23
- PHP 5.24
- PHP 5.25 (Nov 03, 2007 snapshot)
- PHP 5.30 (Nov 03, 2007 snapshot)
- Without PHP eAccelerator
- Without PHP zLIB compression
- MySQL 4.1.22
- MySQL 5.0.45
Any suggestion?
Code: Select all
// +------------------------------------------------------------------------+
// | Logout |
// +------------------------------------------------------------------------+
function logout()
{
global $cfg, $db;
$sid = cookie('netjukebox_sid');
$sign = RandomKey(36);
$seed2 = RandomKey(64);
$query = mysqli_query($db, 'SELECT sid FROM configuration_session WHERE sid = "' . mysqli_real_escape_string($db, $sid) . '"');
if (mysqli_fetch_row($query))
{
// Update current session
mysqli_query($db, 'UPDATE configuration_session SET
logged_in = 0,
ip = "' . mysqli_real_escape_string($db, $_SERVER['REMOTE_ADDR']) . '",
user_agent = "' . mysqli_real_escape_string($db, $_SERVER['HTTP_USER_AGENT']) . '",
sign = "' . mysqli_real_escape_string($db, $sign) . '",
seed = "' . mysqli_real_escape_string($db, $seed2) . '"
WHERE sid = "' . mysqli_real_escape_string($db, $sid) . '"');
}
else
{
// Create new session
$sid = RandomKey(36);
mysqli_query($db, 'INSERT INTO configuration_session (logged_in, create_time, ip, user_agent, sid, sign, seed) VALUES (
0,
' . (int) time() . ',
"' . mysqli_real_escape_string($db, $_SERVER['REMOTE_ADDR']) . '",
"' . mysqli_real_escape_string($db, $_SERVER['HTTP_USER_AGENT']) . '",
"' . mysqli_real_escape_string($db, $sid) . '",
"' . mysqli_real_escape_string($db, $sign) . '",
"' . mysqli_real_escape_string($db, $seed2) . '")');
setcookie('netjukebox_sid', $sid, time() + 3600 * 24 * 1095, '', '', '', true);
@ob_flush();
flush();
}
// Rest of the login script...