summaryrefslogtreecommitdiffstats
path: root/web/lib
diff options
context:
space:
mode:
Diffstat (limited to 'web/lib')
-rw-r--r--web/lib/acctfuncs.inc16
-rw-r--r--web/lib/config.inc.proto3
2 files changed, 18 insertions, 1 deletions
diff --git a/web/lib/acctfuncs.inc b/web/lib/acctfuncs.inc
index 513a142a..a4de12c6 100644
--- a/web/lib/acctfuncs.inc
+++ b/web/lib/acctfuncs.inc
@@ -601,7 +601,7 @@ function display_account_info($U="", $T="", $E="", $R="", $I="") {
* SID of 0 means login failed.
*/
function try_login() {
- global $PERSISTENT_COOKIE_TIMEOUT;
+ global $MAX_SESSIONS_PER_USER, $PERSISTENT_COOKIE_TIMEOUT;
$login_error = "";
$new_sid = "";
@@ -624,6 +624,20 @@ function try_login() {
$dbh = db_connect();
while (!$logged_in && $num_tries < 5) {
+ if ($MAX_SESSIONS_PER_USER) {
+ # Delete all user sessions except the
+ # last ($MAX_SESSIONS_PER_USER - 1).
+ $q = "DELETE s.* FROM Sessions s ";
+ $q.= "LEFT JOIN (SELECT SessionID FROM Sessions ";
+ $q.= "WHERE UsersId = '" . $userID . "' ";
+ $q.= "ORDER BY LastUpdateTS DESC ";
+ $q.= "LIMIT " . ($MAX_SESSIONS_PER_USER - 1) . ") q ";
+ $q.= "ON s.SessionID = q.SessionID ";
+ $q.= "WHERE s.UsersId = '" . $userID . "' ";
+ $q.= "AND q.SessionID IS NULL;";
+ db_query($q, $dbh);
+ }
+
$new_sid = new_sid();
$q = "INSERT INTO Sessions (UsersID, SessionID, LastUpdateTS)"
." VALUES ( $userID, '" . $new_sid . "', UNIX_TIMESTAMP())";
diff --git a/web/lib/config.inc.proto b/web/lib/config.inc.proto
index 507ce27c..bee68891 100644
--- a/web/lib/config.inc.proto
+++ b/web/lib/config.inc.proto
@@ -45,6 +45,9 @@ $SUPPORTED_LANGS = array(
"zh_CN" => "简体中文"
);
+# Session limit per user
+$MAX_SESSIONS_PER_USER = 8;
+
# Idle seconds before timeout
$LOGIN_TIMEOUT = 7200;