diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 232aeab1f7..83639adafa 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -165,7 +165,7 @@ class session // Garbage collection ... remove old sessions updating user information // if necessary. It means (potentially) 11 queries but only infrequently - if ($current_time > $config['session_last_gc'] + $config['session_gc'] && defined('PHPBB_INSTALLED')) + if ($current_time > $config['session_last_gc'] + $config['session_gc']) { $this->gc($current_time); } @@ -365,11 +365,13 @@ class session // last_visit field won't be updated, which I believe should be // the normal behavior anyway $db->sql_return_on_error(TRUE); + $sql = 'DELETE FROM ' . SESSIONS_TABLE . ' USING ' . SESSIONS_TABLE . ' s1, ' . SESSIONS_TABLE . ' s2 WHERE s1.session_user_id = s2.session_user_id AND s1.session_time < s2.session_time'; $db->sql_query($sql); + $db->sql_return_on_error(FALSE); // Update last visit time @@ -387,48 +389,51 @@ class session set_config('session_last_gc', $current_time); break; - // Get expired sessions, only most recent for each user - $sql = 'SELECT session_user_id, session_page, MAX(session_time) AS recent_time - FROM ' . SESSIONS_TABLE . ' - WHERE session_time < ' . ($current_time - $config['session_length']) . ' - GROUP BY session_user_id, session_page'; - $result = $db->sql_query_limit($sql, 5); + default: - $del_user_id = ''; - $del_sessions = 0; - if ($row = $db->sql_fetchrow($result)) - { - do + // Get expired sessions, only most recent for each user + $sql = 'SELECT session_user_id, session_page, MAX(session_time) AS recent_time + FROM ' . SESSIONS_TABLE . ' + WHERE session_time < ' . ($current_time - $config['session_length']) . ' + GROUP BY session_user_id, session_page'; + $result = $db->sql_query_limit($sql, 5); + + $del_user_id = ''; + $del_sessions = 0; + if ($row = $db->sql_fetchrow($result)) { - if ($row['session_user_id'] != ANONYMOUS) + do { - $sql = 'UPDATE ' . USERS_TABLE . ' - SET user_lastvisit = ' . $row['recent_time'] . ", user_lastpage = '" . $db->sql_escape($row['session_page']) . "' - WHERE user_id = " . $row['session_user_id']; - $db->sql_query($sql); + if ($row['session_user_id'] != ANONYMOUS) + { + $sql = 'UPDATE ' . USERS_TABLE . ' + SET user_lastvisit = ' . $row['recent_time'] . ", user_lastpage = '" . $db->sql_escape($row['session_page']) . "' + WHERE user_id = " . $row['session_user_id']; + $db->sql_query($sql); + } + + $del_user_id .= (($del_user_id != '') ? ', ' : '') . $row['session_user_id']; + $del_sessions++; } - - $del_user_id .= (($del_user_id != '') ? ', ' : '') . $row['session_user_id']; - $del_sessions++; + while ($row = $db->sql_fetchrow($result)); } - while ($row = $db->sql_fetchrow($result)); - } - if ($del_user_id != '') - { - // Delete expired sessions - $sql = 'DELETE FROM ' . SESSIONS_TABLE . " - WHERE session_user_id IN ($del_user_id) - AND session_time < " . ($current_time - $config['session_length']); - $db->sql_query($sql); - } + if ($del_user_id != '') + { + // Delete expired sessions + $sql = 'DELETE FROM ' . SESSIONS_TABLE . " + WHERE session_user_id IN ($del_user_id) + AND session_time < " . ($current_time - $config['session_length']); + $db->sql_query($sql); + } - if ($del_sessions < 5) - { - // Less than 5 sessions, update gc timer ... else we want gc - // called again to delete other sessions - set_config('session_last_gc', $current_time); - } + if ($del_sessions < 5) + { + // Less than 5 sessions, update gc timer ... else we want gc + // called again to delete other sessions + set_config('session_last_gc', $current_time); + } + break; } return; @@ -970,7 +975,7 @@ class auth { global $db; - $where_sql = ($user_id) ? ' WHERE user_id = ' . $user_id : ''; + $where_sql = ($user_id) ? ' WHERE user_id ' . ((is_array($user_id)) ? ' IN (' . implode(', ', array_map('intval', $user_id)) . ')' : " = $user_id") : ''; $sql = 'UPDATE ' . USERS_TABLE . " SET user_permissions = ''