************************************************************************/
// Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
+if (!defined('__SECURITY')) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
}
function SURFBAR_GENERATE_VALIDATION_CODE ($id, $salt="") {
global $_CONFIG, $SURFBAR_CACHE;
+ // @TODO Invalid salt should be refused
+ $SURFBAR_CACHE['salt'] = "INVALID";
+
+ // Get code length from config
+ $length = $_CONFIG['code_length'];
+
+ // Fix length to 10
+ if ($length == 0) $length = 10;
+
// Generate a code until the length matches
$valCode = "";
- while (strlen($valCode) != $_CONFIG['code_length']) {
+ while (strlen($valCode) != $length) {
// Is the salt set?
if (empty($salt)) {
// Generate random hashed string
}
// ... and now the validation code
- $valCode = GEN_RANDOM_CODE($_CONFIG['code_length'], sha1(SURFBAR_GET_SALT().":".$id), $GLOBALS['userid']);
+ $valCode = GEN_RANDOM_CODE($length, sha1(SURFBAR_GET_SALT().":".$id), $GLOBALS['userid']);
//DEBUG_LOG(__FUNCTION__.":valCode={$valCode}");
} // END - while