From 97835f33caa3041791df7bc6c392a50a9197ab81 Mon Sep 17 00:00:00 2001
From: xisi
Date: Sat, 18 Jan 2014 22:21:33 -0500
Subject: [PATCH] fixed explicit time check for token validity
---
 public/include/classes/token.class.php | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/public/include/classes/token.class.php b/public/include/classes/token.class.php
index ac60a371..39be5bce 100644
--- a/public/include/classes/token.class.php
+++ b/public/include/classes/token.class.php
@@ -48,8 +48,14 @@ class Token Extends Base {
 $checktime = $ctimedata->getTimestamp() + $expiretime;
 $now = time();
 if ($checktime >= $now && $checkTimeExplicitly || !$checkTimeExplicitly) {
- $stmt = $this->mysqli->prepare("SELECT * FROM $this->table WHERE account_id = ? AND token = ? AND type = ? LIMIT 1");
- if ($stmt && $stmt->bind_param('isi', $account_id, $token, $type) && $stmt->execute())
+ if ($checkTimeExplicitly) {
+ $stmt = $this->mysqli->prepare("SELECT * FROM $this->table WHERE account_id = ? AND token = ? AND type = ? AND ? >= UNIX_TIMESTAMP() LIMIT 1");
+ $stmt->bind_param('isii', $account_id, $token, $type, $checktime);
+ } else {
+ $stmt = $this->mysqli->prepare("SELECT * FROM $this->table WHERE account_id = ? AND token = ? AND type = ? LIMIT 1");
+ $stmt->bind_param('isi', $account_id, $token, $type);
+ }
+ if ($stmt->execute())
 $res = $stmt->get_result();
 return $res->num_rows;
 return $this->sqlError();
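Review bot: The added predicate `? >= UNIX_TIMESTAMP()` compares a bound PHP value with the database clock and never references a column of the matched row, so it only repeats the `$checktime >= $now` test of the enclosing `if` and does not tie expiry to the row selected by `account_id`, `token` and `type`. `$checktime` comes from `$ctimedata`, which is set outside the hunk; if that lookup is keyed differently from this query, an expired token could still pass, so it would be safer to test the row's own timestamp, e.g. `AND UNIX_TIMESTAMP(<creation_time_column>) + ? >= UNIX_TIMESTAMP()` with `$expiretime` bound (the column name is a placeholder). The change also drops the `$stmt &&` guard and the `bind_param()` return check, so a failed `prepare()` now ends in a method call on `false`; keep the combined form `if ($stmt && $stmt->bind_param(...) && $stmt->execute())` in both branches. Because the final `if ($stmt->execute())` has no braces, `return $res->num_rows;` runs even when execute fails and `return $this->sqlError();` is unreachable. The enclosing method starts and ends outside the hunk.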