summaryrefslogtreecommitdiffstats
path: root/web
diff options
context:
space:
mode:
authorEli Schwartz <eschwartz@archlinux.org>2021-02-17 03:50:23 +0100
committerLukas Fleischer <lfleischer@archlinux.org>2021-02-20 17:22:11 +0100
commitbe5197a5fe11d93ebce0044179c6f04fa8ff4cbb (patch)
tree523f77b3c7fde7f254f619f6171a445f95fe73a4 /web
parentd92dd69aa3c23acc7e2e409decf42c3b3e37749c (diff)
downloadaur-be5197a5fe11d93ebce0044179c6f04fa8ff4cbb.tar.gz
aur-be5197a5fe11d93ebce0044179c6f04fa8ff4cbb.tar.xz
prevent running mysql-specific query in sqlite
We usually guard such queries and have both mysql and sqlite branches. But I have not implemented the sqlite branch. Given sqlite is typically used for local dev setups, the fact that "users with more than the configured max simultaneous logins" can avoid getting some logins annulled is probably not a huge risk. And this always *used* to fail on sqlite, silently. Now, in php 8, it raises PDOException, which prevents running the test server Document this as a FIXME for now, until someone reimplements the query for sqlite. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Diffstat (limited to 'web')
-rw-r--r--web/lib/acctfuncs.inc.php4
1 files changed, 3 insertions, 1 deletions
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index d238c0e0..30c4cfe0 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -597,7 +597,9 @@ function try_login() {
/* Generate a session ID and store it. */
while (!$logged_in && $num_tries < 5) {
$session_limit = config_get_int('options', 'max_sessions_per_user');
- if ($session_limit) {
+ # FIXME: this does not work for sqlite (JOIN in a DELETE clause)
+ # hence non-prod instances can have a naughty amount of simultaneous logins
+ if ($backend == "mysql" && $session_limit) {
/*
* Delete all user sessions except the
* last ($session_limit - 1).