mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-22 17:41:24 +02:00
Code Issues Releases Wiki Activity

[ticket/17338] Do not update user_last_active to outdated session_time value

Browse Source 
PHPBB-17338
This commit is contained in:
rxu
2024-06-17 11:31:27 +07:00
parent e21a8e02cd
commit 4003f54d0b
4 changed files with 11 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
phpBB/phpbb/session.php
View File

@@ -441,7 +441,7 @@ class session
$this->check_ban_for_current_session($config); $this->check_ban_for_current_session($config);
// Update user last active time accordingly, but in a minute or so // Update user last active time accordingly, but in a minute or so
if ((int) $this->data['session_time'] - (int) $this->data['user_last_active'] > 60) if ($this->time_now - (int) $this->data['user_last_active'] > 60)
{ {
$this->update_last_active_time(); $this->update_last_active_time();
} }
@@ -903,8 +903,7 @@ class session
} }
$sql = 'UPDATE ' . USERS_TABLE . ' $sql = 'UPDATE ' . USERS_TABLE . '
SET user_lastvisit = ' . (int) $this->data['session_time'] . ', SET user_lastvisit = ' . (int) $this->data['session_time'] . '
user_last_active = ' . (int) $this->data['session_time'] . '
WHERE user_id = ' . (int) $this->data['user_id']; WHERE user_id = ' . (int) $this->data['user_id'];
$db->sql_query($sql); $db->sql_query($sql);
@@ -988,7 +987,7 @@ class session
// For SQLite versions 3.8.3+ which support Common Table Expressions (CTE) // For SQLite versions 3.8.3+ which support Common Table Expressions (CTE)
$sql = "WITH s3 (session_page, session_user_id, session_time) AS ($sql_select) $sql = "WITH s3 (session_page, session_user_id, session_time) AS ($sql_select)
UPDATE " . USERS_TABLE . ' UPDATE " . USERS_TABLE . '
SET (user_lastpage, user_lastvisit, user_last_active) = (SELECT session_page, session_time, session_time FROM s3 WHERE session_user_id = user_id) SET (user_lastpage, user_lastvisit) = (SELECT session_page, session_time FROM s3 WHERE session_user_id = user_id)
WHERE EXISTS (SELECT session_user_id FROM s3 WHERE session_user_id = user_id)'; WHERE EXISTS (SELECT session_user_id FROM s3 WHERE session_user_id = user_id)';
$db->sql_query($sql); $db->sql_query($sql);
@@ -1001,9 +1000,7 @@ class session
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{ {
$sql = 'UPDATE ' . USERS_TABLE . ' $sql = 'UPDATE ' . USERS_TABLE . '
SET user_lastvisit = ' . (int) $row['recent_time'] . ', SET user_lastvisit = ' . (int) $row['recent_time'] . ", user_lastpage = '" . $db->sql_escape($row['session_page']) . "'
user_last_active = ' . (int) $row['recent_time'] . ",
user_lastpage = '" . $db->sql_escape($row['session_page']) . "'
WHERE user_id = " . (int) $row['session_user_id']; WHERE user_id = " . (int) $row['session_user_id'];
$db->sql_query($sql); $db->sql_query($sql);
} }
@@ -1013,14 +1010,14 @@ class session
case 'mysqli': case 'mysqli':
$sql = 'UPDATE ' . USERS_TABLE . " u, $sql = 'UPDATE ' . USERS_TABLE . " u,
($sql_select) s3 ($sql_select) s3
SET u.user_lastvisit = s3.recent_time, u.user_last_active = s3.recent_time, u.user_lastpage = s3.session_page SET u.user_lastvisit = s3.recent_time, u.user_lastpage = s3.session_page
WHERE u.user_id = s3.session_user_id"; WHERE u.user_id = s3.session_user_id";
$db->sql_query($sql); $db->sql_query($sql);
break; break;
default: default:
$sql = 'UPDATE ' . USERS_TABLE . " $sql = 'UPDATE ' . USERS_TABLE . "
SET user_lastvisit = s3.recent_time, user_last_active = s3.recent_time, user_lastpage = s3.session_page SET user_lastvisit = s3.recent_time, user_lastpage = s3.session_page
FROM ($sql_select) s3 FROM ($sql_select) s3
WHERE user_id = s3.session_user_id"; WHERE user_id = s3.session_user_id";
$db->sql_query($sql); $db->sql_query($sql);
@@ -1653,9 +1650,7 @@ class session
if ($row) if ($row)
{ {
$sql = 'UPDATE ' . USERS_TABLE . ' $sql = 'UPDATE ' . USERS_TABLE . '
SET user_lastvisit = ' . (int) $row['session_time'] . ', SET user_lastvisit = ' . (int) $row['session_time'] . ", user_lastpage = '" . $db->sql_escape($row['session_page']) . "'
user_last_active = ' . (int) $row['session_time'] . ",
user_lastpage = '" . $db->sql_escape($row['session_page']) . "'
WHERE user_id = " . (int) $user_id; WHERE user_id = " . (int) $user_id;
$db->sql_query($sql); $db->sql_query($sql);
} }
@@ -1817,7 +1812,7 @@ class session
{ {
$sql = 'UPDATE ' . USERS_TABLE . ' $sql = 'UPDATE ' . USERS_TABLE . '
SET user_lastvisit = ' . (int) $this->data['session_time'] . ', SET user_lastvisit = ' . (int) $this->data['session_time'] . ',
user_last_active = ' . (int) $this->data['session_time'] . ' user_last_active = ' . $this->time_now . '
WHERE user_id = ' . (int) $this->data['user_id']; WHERE user_id = ' . (int) $this->data['user_id'];
$db->sql_query($sql); $db->sql_query($sql);
} }
@@ -1832,10 +1827,10 @@ class session
{ {
global $db; global $db;
if (isset($this->data['session_time'], $this->data['user_id'])) if (isset($this->time_now, $this->data['user_id']))
{ {
$sql = 'UPDATE ' . USERS_TABLE . ' $sql = 'UPDATE ' . USERS_TABLE . '
SET user_last_active = ' . (int) $this->data['session_time'] . ' SET user_last_active = ' . $this->time_now . '
WHERE user_id = ' . (int) $this->data['user_id']; WHERE user_id = ' . (int) $this->data['user_id'];
$db->sql_query($sql); $db->sql_query($sql);
} }

3
tests/session/fixtures/sessions_garbage.xml
View File

@@ -7,7 +7,6 @@
<column>user_sig</column> <column>user_sig</column>
<column>user_lastpage</column> <column>user_lastpage</column>
<column>user_lastvisit</column> <column>user_lastvisit</column>
<column>user_last_active</column>
<row> <row>
<value>4</value> <value>4</value>
<value>bar</value> <value>bar</value>
@@ -15,7 +14,6 @@
<value></value> <value></value>
<value>oldpage_user_bar.php</value> <value>oldpage_user_bar.php</value>
<value>1400000000</value> <value>1400000000</value>
<value>1300000999</value>
</row> </row>
<row> <row>
<value>5</value> <value>5</value>
@@ -24,7 +22,6 @@
<value></value> <value></value>
<value>oldpage_user_foo.php</value> <value>oldpage_user_foo.php</value>
<value>1400000000</value> <value>1400000000</value>
<value>1300000998</value>
</row> </row>
</table> </table>
<table name="phpbb_sessions"> <table name="phpbb_sessions">

4
tests/session/garbage_collection_test.php
View File

@@ -65,13 +65,11 @@ class phpbb_session_garbage_collection_test extends phpbb_session_test_case
[ [
'username_clean' => 'bar', 'username_clean' => 'bar',
'user_lastvisit' => 1400000000, 'user_lastvisit' => 1400000000,
'user_last_active' => 1300000999,
'user_lastpage' => 'oldpage_user_bar.php', 'user_lastpage' => 'oldpage_user_bar.php',
], ],
[ [
'username_clean' => 'foo', 'username_clean' => 'foo',
'user_lastvisit' => 1400000000, 'user_lastvisit' => 1400000000,
'user_last_active' => 1300000998,
'user_lastpage' => 'oldpage_user_foo.php', 'user_lastpage' => 'oldpage_user_foo.php',
], ],
], ],
@@ -91,13 +89,11 @@ class phpbb_session_garbage_collection_test extends phpbb_session_test_case
[ [
'username_clean' => 'bar', 'username_clean' => 'bar',
'user_lastvisit' => '1500000000', 'user_lastvisit' => '1500000000',
'user_last_active' => '1500000000',
'user_lastpage' => 'newpage_user_bar.php', 'user_lastpage' => 'newpage_user_bar.php',
], ],
[ [
'username_clean' => 'foo', 'username_clean' => 'foo',
'user_lastvisit' => '1500000000', 'user_lastvisit' => '1500000000',
'user_last_active' => '1500000000',
'user_lastpage' => 'newpage_user_foo.php', 'user_lastpage' => 'newpage_user_foo.php',
], ],
], ],

2
tests/test_framework/phpbb_session_test_case.php
View File

@@ -50,7 +50,7 @@ abstract class phpbb_session_test_case extends phpbb_database_test_case
protected function check_user_session_data($expected_session_data, $message) protected function check_user_session_data($expected_session_data, $message)
{ {
$sql= 'SELECT username_clean, user_lastvisit, user_last_active, user_lastpage $sql= 'SELECT username_clean, user_lastvisit, user_lastpage
FROM ' . USERS_TABLE . ' FROM ' . USERS_TABLE . '
ORDER BY user_id'; ORDER BY user_id';