From f961ffd9c7f2d3d51d3e3b060990a4fef9e56c1b Mon Sep 17 00:00:00 2001 From: Lukas Fleischer Date: Tue, 22 Feb 2011 10:42:57 +0100 Subject: Add a per-user session limit (fixes FS#12898). Signed-off-by: Lukas Fleischer --- web/lib/acctfuncs.inc | 16 +++++++++++++++- web/lib/config.inc.proto | 3 +++ 2 files changed, 18 insertions(+), 1 deletion(-) (limited to 'web') diff --git a/web/lib/acctfuncs.inc b/web/lib/acctfuncs.inc index 513a142..a4de12c 100644 --- a/web/lib/acctfuncs.inc +++ b/web/lib/acctfuncs.inc @@ -601,7 +601,7 @@ function display_account_info($U="", $T="", $E="", $R="", $I="") { * SID of 0 means login failed. */ function try_login() { - global $PERSISTENT_COOKIE_TIMEOUT; + global $MAX_SESSIONS_PER_USER, $PERSISTENT_COOKIE_TIMEOUT; $login_error = ""; $new_sid = ""; @@ -624,6 +624,20 @@ function try_login() { $dbh = db_connect(); while (!$logged_in && $num_tries < 5) { + if ($MAX_SESSIONS_PER_USER) { + # Delete all user sessions except the + # last ($MAX_SESSIONS_PER_USER - 1). + $q = "DELETE s.* FROM Sessions s "; + $q.= "LEFT JOIN (SELECT SessionID FROM Sessions "; + $q.= "WHERE UsersId = '" . $userID . "' "; + $q.= "ORDER BY LastUpdateTS DESC "; + $q.= "LIMIT " . ($MAX_SESSIONS_PER_USER - 1) . ") q "; + $q.= "ON s.SessionID = q.SessionID "; + $q.= "WHERE s.UsersId = '" . $userID . "' "; + $q.= "AND q.SessionID IS NULL;"; + db_query($q, $dbh); + } + $new_sid = new_sid(); $q = "INSERT INTO Sessions (UsersID, SessionID, LastUpdateTS)" ." VALUES ( $userID, '" . $new_sid . "', UNIX_TIMESTAMP())"; diff --git a/web/lib/config.inc.proto b/web/lib/config.inc.proto index 507ce27..bee6889 100644 --- a/web/lib/config.inc.proto +++ b/web/lib/config.inc.proto @@ -45,6 +45,9 @@ $SUPPORTED_LANGS = array( "zh_CN" => "简体中文" ); +# Session limit per user +$MAX_SESSIONS_PER_USER = 8; + # Idle seconds before timeout $LOGIN_TIMEOUT = 7200; -- cgit v1.2.3-70-g09d2