From fd42d2325f91769df2d7cfb3b70110a4dcc56d6b Mon Sep 17 00:00:00 2001 From: Cameron Date: Thu, 13 Jan 2022 11:18:31 -0800 Subject: [PATCH] Issue #4657 - Improved handling to prevent multiple sessions running on the same user account. --- e107_admin/auth.php | 13 ++++++------- e107_handlers/login.php | 6 +++++- e107_handlers/session_handler.php | 8 +++++--- 3 files changed, 16 insertions(+), 11 deletions(-) diff --git a/e107_admin/auth.php b/e107_admin/auth.php index 46613ee2b..9dada9bf1 100644 --- a/e107_admin/auth.php +++ b/e107_admin/auth.php @@ -177,7 +177,8 @@ else .field input { padding:5px; } - + i.s-message-icon { display: none } + .s-message-title { display: none } .field input:focus { } @@ -273,25 +274,23 @@ class auth // Start Clean // NOTE: this should NOT be a template of the admin-template, however themes may style it using css. - $class = (e_QUERY == 'failed') ? "class='e-shake'" : ""; - - + $class = (e_QUERY === 'failed') ? "class='e-shake'" : ""; $text = "
"; - if(e_QUERY == 'failed') + if(e_QUERY === 'failed') { e107::lan('core', 'login'); - $text .= "
".LAN_LOGIN_21."
"; + $text .= e107::getMessage()->render(); // see e107_handlers/login.php L622 $text .= ""; } diff --git a/e107_handlers/login.php b/e107_handlers/login.php index d1a670760..672f0a22a 100644 --- a/e107_handlers/login.php +++ b/e107_handlers/login.php @@ -260,6 +260,10 @@ class userlogin } } + if(!empty($pref['disallowMultiLogin']) && !empty($user_id)) + { + $sql->delete('session', "session_user = ".$user_id); + } // User login definitely accepted here @@ -614,7 +618,7 @@ class userlogin $this->logNote('LAN_ROLL_LOG_10', $username); } - e107::getMessage()->reset()->addError($message); // prevent duplicates. + e107::getMessage()->reset()->addError($message, 'default', true); // prevent duplicates, session=true needed for admin-area login. if($this->testMode === true) { diff --git a/e107_handlers/session_handler.php b/e107_handlers/session_handler.php index c6afbe9b0..1c83518b0 100644 --- a/e107_handlers/session_handler.php +++ b/e107_handlers/session_handler.php @@ -1131,7 +1131,7 @@ class e_session_db #implements SessionHandlerInterface * @var e_db */ protected $_db = null; - + /** * Table name * @var string @@ -1145,7 +1145,7 @@ class e_session_db #implements SessionHandlerInterface public function __construct() { - $this->_db = e107::getDb('session'); + $this->_db = e107::getDb('session'); } public function __destruct() @@ -1268,10 +1268,12 @@ class e_session_db #implements SessionHandlerInterface 'data' => array( 'session_expires' => time() + $this->getLifetime(), 'session_data' => base64_encode($session_data), + 'session_user' => defset('USERID'), ), '_FIELD_TYPES' => array( 'session_id' => 'str', 'session_expires' => 'int', + 'session_user' => 'int', 'session_data' => 'str' ), '_DEFAULT' => 'str' @@ -1280,7 +1282,7 @@ class e_session_db #implements SessionHandlerInterface { return false; } - + $check = $this->_db->select($this->getTable(), 'session_id', "`session_id`='{$session_id}'"); if($check)
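Review bot: The admin login form may now show why a login failed, because the `e_QUERY === 'failed'` branch renders `e107::getMessage()->render()` where it used to print the fixed `LAN_LOGIN_21` text. The strings the login handler queues are not visible in this hunk; if they differ by failure reason (unknown user, wrong password, account already in use), an unauthenticated visitor to the admin page learns account state, so it is worth confirming that a generic message is what reaches this page. The trailing comment `// see e107_handlers/login.php L622` hard-codes a line number that will drift; something like `// error queued with session=true by userlogin in e107_handlers/login.php` would stay accurate longer.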
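Review bot: The added `$sql->delete('session', "session_user = ".$user_id);` builds its WHERE clause by concatenation and discards the result, so the single-session control relies on `$user_id` being numeric and fails open if the delete does not succeed. `$user_id` is assigned outside this hunk, so a cast at the point of use keeps the query safe whatever the earlier code does: `$sql->delete('session', 'session_user = '.(int) $user_id);`. If the delete reports failure, the older sessions remain valid although `disallowMultiLogin` is set, so that case should at least be logged. The rows appear to carry `session_user` only when the database session handler writes them, so the pref presumably has no effect with other session storage; that limitation deserves a line in the pref's description.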
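Review bot: Nothing in this commit adds the `session_user` column that the write array now fills; the diffstat lists only three PHP files. Unless the table definition and an upgrade step were changed elsewhere, existing installs would presumably fail this write and lose session persistence, so confirm both include `session_user` (an index on it would also serve the per-login delete in e107_handlers/login.php). `defset('USERID')` is evaluated when the session is written, and if USERID is fixed before the login completes, the row for a just-authenticated session may keep a guest value until its next write, which would leave that session outside the delete. A short comment on the new line would help, e.g. `// owner of this session; login.php uses it to drop a user's other sessions`. The enclosing method starts outside the hunk.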