diff options
author | Lukas Fleischer <archlinux@cryptocrack.de> | 2011-02-22 10:42:57 +0100 |
---|---|---|
committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2011-02-23 11:17:26 +0100 |
commit | f961ffd9c7f2d3d51d3e3b060990a4fef9e56c1b (patch) | |
tree | 5e13178872626820f171d0844c4375f3f59ed14e | |
parent | c39183c3ee7eb1b127e981d1f023a13fd88cbea9 (diff) |
Add a per-user session limit (fixes FS#12898).
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-rw-r--r-- | web/lib/acctfuncs.inc | 16 | ||||
-rw-r--r-- | web/lib/config.inc.proto | 3 |
2 files changed, 18 insertions, 1 deletions
diff --git a/web/lib/acctfuncs.inc b/web/lib/acctfuncs.inc index 513a142..a4de12c 100644 --- a/web/lib/acctfuncs.inc +++ b/web/lib/acctfuncs.inc @@ -601,7 +601,7 @@ function display_account_info($U="", $T="", $E="", $R="", $I="") { * SID of 0 means login failed. */ function try_login() { - global $PERSISTENT_COOKIE_TIMEOUT; + global $MAX_SESSIONS_PER_USER, $PERSISTENT_COOKIE_TIMEOUT; $login_error = ""; $new_sid = ""; @@ -624,6 +624,20 @@ function try_login() { $dbh = db_connect(); while (!$logged_in && $num_tries < 5) { + if ($MAX_SESSIONS_PER_USER) { + # Delete all user sessions except the + # last ($MAX_SESSIONS_PER_USER - 1). + $q = "DELETE s.* FROM Sessions s "; + $q.= "LEFT JOIN (SELECT SessionID FROM Sessions "; + $q.= "WHERE UsersId = '" . $userID . "' "; + $q.= "ORDER BY LastUpdateTS DESC "; + $q.= "LIMIT " . ($MAX_SESSIONS_PER_USER - 1) . ") q "; + $q.= "ON s.SessionID = q.SessionID "; + $q.= "WHERE s.UsersId = '" . $userID . "' "; + $q.= "AND q.SessionID IS NULL;"; + db_query($q, $dbh); + } + $new_sid = new_sid(); $q = "INSERT INTO Sessions (UsersID, SessionID, LastUpdateTS)" ." VALUES ( $userID, '" . $new_sid . "', UNIX_TIMESTAMP())"; diff --git a/web/lib/config.inc.proto b/web/lib/config.inc.proto index 507ce27..bee6889 100644 --- a/web/lib/config.inc.proto +++ b/web/lib/config.inc.proto @@ -45,6 +45,9 @@ $SUPPORTED_LANGS = array( "zh_CN" => "简体中文" ); +# Session limit per user +$MAX_SESSIONS_PER_USER = 8; + # Idle seconds before timeout $LOGIN_TIMEOUT = 7200; |