From dd5120f95e0e9df6fd4d5b903756b2cb8e2dcf1a Mon Sep 17 00:00:00 2001 From: "Paul S. Owen" Date: Sat, 8 Nov 2003 17:22:04 +0000 Subject: [PATCH] Finally add deletion of expired sessions from forum access table, remove request_var useage for explain linkage git-svn-id: file:///svn/phpbb/trunk@4655 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions.php | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 53685dfff3..8a8c5fb1be 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -1085,6 +1085,8 @@ function login_forum_box(&$forum_data) { global $db, $config, $user, $template, $phpEx; + $password = request_var('password', ''); + $sql = 'SELECT forum_id FROM ' . FORUMS_ACCESS_TABLE . ' WHERE forum_id = ' . $forum_data['forum_id'] . ' @@ -1099,13 +1101,29 @@ function login_forum_box(&$forum_data) } $db->sql_freeresult($result); - if (!empty($_POST['password'])) + if ($password) { - // TODO - // Remove old valid sessions - $sql = ''; + // Remove expired authorised sessions + $sql = 'SELECT session_id + FROM ' . SESSIONS_TABLE; + $result = $db->sql_query($sql); - if ($_POST['password'] == $forum_data['forum_password']) + if ($row = $db->sql_fetchrow($result)) + { + $sql_in = array(); + do + { + $sql_in[] = $row['session_id']; + } + while ($row = $db->sql_fetchrow($result)); + + $sql = 'DELETE FROM ' . FORUMS_ACCESS_TABLE . ' + WHERE session_id NOT IN (' . implode(', ', preg_replace('#^([a-z0-9]+)$#i', "'\\1'", $sql_in)) . ')'; + $db->sql_query($sql); + } + $db->sql_freeresult($result); + + if ($password == $forum_data['forum_password']) { $sql = 'INSERT INTO phpbb_forum_access (forum_id, user_id, session_id) VALUES (' . $forum_data['forum_id'] . ', ' . $user->data['user_id'] . ", '$user->session_id')"; @@ -1526,7 +1544,7 @@ function page_footer() if ($auth->acl_get('a_')) { - $debug_output .= ' | Explain'; + $debug_output .= ' | Explain'; } $debug_output .= ' ]'; }