mirror of https://github.com/e107inc/e107.git synced 2025-03-14 09:29:45 +01:00

Issue #4657 - Improved handling to prevent multiple sessions running on the same user account.

Cameron 2022-01-13 11:18:31 -08:00
parent a617918256
commit fd42d2325f
3 changed files with 16 additions and 11 deletions


@ -177,7 +177,8 @@ else
.field input { padding:5px; .field input { padding:5px;
} }
i.s-message-icon { display: none }
.s-message-title { display: none }
.field input:focus { .field input:focus {
} }
@ -273,25 +274,23 @@ class auth
// Start Clean // Start Clean
// NOTE: this should NOT be a template of the admin-template, however themes may style it using css. // NOTE: this should NOT be a template of the admin-template, however themes may style it using css.
$class = (e_QUERY == 'failed') ? "class='e-shake'" : ""; $class = (e_QUERY === 'failed') ? "class='e-shake'" : "";
$text = "<form id='admin-login' method='post' action='".e_SELF."' {$incChap} > $text = "<form id='admin-login' method='post' action='".e_SELF."' {$incChap} >
<div id='logo' ><img src='".e_IMAGE."logo_template_large.png' alt='".LAN_LOGIN."' /></div> <div id='logo' ><img src='".e_IMAGE."logo_template_large.png' alt='".LAN_LOGIN."' /></div>
<div id='login-admin' class='center'> <div id='login-admin' class='center'>
<div>"; <div>";
if(e_QUERY == 'failed') if(e_QUERY === 'failed')
{ {
e107::lan('core', 'login'); e107::lan('core', 'login');
$text .= "<div class='alert alert-danger'>".LAN_LOGIN_21."</div>"; $text .= e107::getMessage()->render(); // see e107_handlers/login.php L622
$text .= "<script type='text/javascript'> $text .= "<script type='text/javascript'>
window.setTimeout(function() { window.setTimeout(function() {
$('.alert').fadeTo(500, 0).slideUp(500, function(){ $('.alert').fadeTo(500, 0).slideUp(500, function(){
$(this).remove(); $(this).remove();
}); });
}, 5000); }, 7000);
</script>"; </script>";
} }
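Review bot: The failure branch now prints whatever `e107::getMessage()->render()` finds in the session instead of the fixed `LAN_LOGIN_21` text, so what an unauthenticated visitor sees on the admin login page is decided by the message queued in the login handler, outside this file. If that message differs by failure reason (unknown user, wrong password, account already logged in elsewhere), the page tells those cases apart, which exposes account state; it is worth confirming the queued text is generic and that any username in it is HTML-escaped. A request to `?failed` with no queued message would presumably render nothing, so a fallback would keep the old behaviour: `$text .= e107::getMessage()->render() ?: "<div class='alert alert-danger'>".LAN_LOGIN_21."</div>";`. The `L622` reference in the new comment will go stale as login.php changes; naming the method would age better. The enclosing method starts and ends outside the hunk.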


@ -260,6 +260,10 @@ class userlogin
} }
} }
if(!empty($pref['disallowMultiLogin']) && !empty($user_id))
{
$sql->delete('session', "session_user = ".$user_id);
}
// User login definitely accepted here // User login definitely accepted here
@ -614,7 +618,7 @@ class userlogin
$this->logNote('LAN_ROLL_LOG_10', $username); $this->logNote('LAN_ROLL_LOG_10', $username);
} }
e107::getMessage()->reset()->addError($message); // prevent duplicates. e107::getMessage()->reset()->addError($message, 'default', true); // prevent duplicates, session=true needed for admin-area login.
if($this->testMode === true) if($this->testMode === true)
{ {
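Review bot: In the first hunk, `$sql->delete('session', "session_user = ".$user_id);` concatenates `$user_id` into the WHERE clause, and where that value comes from is not visible here; casting at the point of use, `$sql->delete('session', 'session_user = '.(int) $user_id);`, keeps the query well-formed whatever the caller passes. The delete only ends other logins when sessions are stored in the `session` table and each row carries `session_user`, which this commit starts writing in `e_session_db`; with a different save handler the `disallowMultiLogin` preference would appear to have no effect, so that requirement deserves a comment next to the check. Rows written before this change presumably have no `session_user` value and would survive the first login after an upgrade. The enclosing method starts and ends outside both hunks of this section.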


@ -1131,7 +1131,7 @@ class e_session_db #implements SessionHandlerInterface
* @var e_db * @var e_db
*/ */
protected $_db = null; protected $_db = null;
/** /**
* Table name * Table name
* @var string * @var string
@ -1145,7 +1145,7 @@ class e_session_db #implements SessionHandlerInterface
public function __construct() public function __construct()
{ {
$this->_db = e107::getDb('session'); $this->_db = e107::getDb('session');
} }
public function __destruct() public function __destruct()
@ -1268,10 +1268,12 @@ class e_session_db #implements SessionHandlerInterface
'data' => array( 'data' => array(
'session_expires' => time() + $this->getLifetime(), 'session_expires' => time() + $this->getLifetime(),
'session_data' => base64_encode($session_data), 'session_data' => base64_encode($session_data),
'session_user' => defset('USERID'),
), ),
'_FIELD_TYPES' => array( '_FIELD_TYPES' => array(
'session_id' => 'str', 'session_id' => 'str',
'session_expires' => 'int', 'session_expires' => 'int',
'session_user' => 'int',
'session_data' => 'str' 'session_data' => 'str'
), ),
'_DEFAULT' => 'str' '_DEFAULT' => 'str'
@ -1280,7 +1282,7 @@ class e_session_db #implements SessionHandlerInterface
{ {
return false; return false;
} }
$check = $this->_db->select($this->getTable(), 'session_id', "`session_id`='{$session_id}'"); $check = $this->_db->select($this->getTable(), 'session_id', "`session_id`='{$session_id}'");
if($check) if($check)