summaryrefslogtreecommitdiffstats
path: root/web/lib
diff options
context:
space:
mode:
authorEli Schwartz <eschwartz@archlinux.org>2021-02-17 04:09:36 +0100
committerLukas Fleischer <lfleischer@archlinux.org>2021-02-20 17:22:11 +0100
commit71740a75a210907cee418a6c404e05ef4710fa9b (patch)
tree3e07e5f2439b931210ec26f08c832b84027c4399 /web/lib
parentbe5197a5fe11d93ebce0044179c6f04fa8ff4cbb (diff)
downloadaur-71740a75a210907cee418a6c404e05ef4710fa9b.tar.gz
aur-71740a75a210907cee418a6c404e05ef4710fa9b.tar.xz
rewrite query to support both mysql/sqlite
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Diffstat (limited to 'web/lib')
-rw-r--r--web/lib/acctfuncs.inc.php14
1 files changed, 5 insertions, 9 deletions
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index 30c4cfe0..752abe97 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -597,21 +597,17 @@ function try_login() {
/* Generate a session ID and store it. */
while (!$logged_in && $num_tries < 5) {
$session_limit = config_get_int('options', 'max_sessions_per_user');
- # FIXME: this does not work for sqlite (JOIN in a DELETE clause)
- # hence non-prod instances can have a naughty amount of simultaneous logins
- if ($backend == "mysql" && $session_limit) {
+ if ($session_limit) {
/*
* Delete all user sessions except the
* last ($session_limit - 1).
*/
- $q = "DELETE s.* FROM Sessions s ";
- $q.= "LEFT JOIN (SELECT SessionID FROM Sessions ";
+ $q = "DELETE FROM Sessions ";
$q.= "WHERE UsersId = " . $userID . " ";
+ $q.= "AND SessionID NOT IN (SELECT SessionID FROM Sessions ";
+ $q.= "WHERE UsersID = " . $userID . " ";
$q.= "ORDER BY LastUpdateTS DESC ";
- $q.= "LIMIT " . ($session_limit - 1) . ") q ";
- $q.= "ON s.SessionID = q.SessionID ";
- $q.= "WHERE s.UsersId = " . $userID . " ";
- $q.= "AND q.SessionID IS NULL;";
+ $q.= "LIMIT " . ($session_limit - 1) . ")";
$dbh->query($q);
}