external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

rewrite query to support both mysql/sqlite

Browse source 
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
This commit is contained in:
Eli Schwartz 2021-02-16 22:09:36 -05:00 committed by Lukas Fleischer
parent be5197a5fe
commit 71740a75a2
1 changed files with 5 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
web/lib/acctfuncs.inc.php
View file

@ -597,21 +597,17 @@ function try_login() {
/* Generate a session ID and store it. */ /* Generate a session ID and store it. */
while (!$logged_in && $num_tries < 5) { while (!$logged_in && $num_tries < 5) {
$session_limit = config_get_int('options', 'max_sessions_per_user'); $session_limit = config_get_int('options', 'max_sessions_per_user');
# FIXME: this does not work for sqlite (JOIN in a DELETE clause) if ($session_limit) {
# hence non-prod instances can have a naughty amount of simultaneous logins
if ($backend == "mysql" && $session_limit) {
/* /*
* Delete all user sessions except the * Delete all user sessions except the
* last ($session_limit - 1). * last ($session_limit - 1).
*/ */
$q = "DELETE s.* FROM Sessions s "; $q = "DELETE FROM Sessions ";
$q.= "LEFT JOIN (SELECT SessionID FROM Sessions ";
$q.= "WHERE UsersId = " . $userID . " "; $q.= "WHERE UsersId = " . $userID . " ";
$q.= "AND SessionID NOT IN (SELECT SessionID FROM Sessions ";
$q.= "WHERE UsersID = " . $userID . " ";
$q.= "ORDER BY LastUpdateTS DESC "; $q.= "ORDER BY LastUpdateTS DESC ";
$q.= "LIMIT " . ($session_limit - 1) . ") q "; $q.= "LIMIT " . ($session_limit - 1) . ")";
$q.= "ON s.SessionID = q.SessionID ";
$q.= "WHERE s.UsersId = " . $userID . " ";
$q.= "AND q.SessionID IS NULL;";
$dbh->query($q); $dbh->query($q);
} }