author | Paul S. Owen <psotfx@users.sourceforge.net> | 2003-11-08 17:22:04 +0000 |
---|---|---|
committer | Paul S. Owen <psotfx@users.sourceforge.net> | 2003-11-08 17:22:04 +0000 |
commit | dd5120f95e0e9df6fd4d5b903756b2cb8e2dcf1a (patch) | |
tree | 4742c89ec1b5bf0ce57b966d032bed30d6606e6f /phpBB/includes/functions.php | |
parent | 78f60b901ef54c989e88ea69fca0cb65e79430bf (diff) | |
Finally add deletion of expired sessions from forum access table, remove request_var usage for explain linkage
git-svn-id: file:///svn/phpbb/trunk@4655 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/functions.php')
-rw-r--r-- | phpBB/includes/functions.php | 30 |
1 files changed, 24 insertions, 6 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 53685dfff3..8a8c5fb1be 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -1085,6 +1085,8 @@ function login_forum_box(&$forum_data) { global $db, $config, $user, $template, $phpEx; + $password = request_var('password', ''); + $sql = 'SELECT forum_id FROM ' . FORUMS_ACCESS_TABLE . ' WHERE forum_id = ' . $forum_data['forum_id'] . ' @@ -1099,13 +1101,29 @@ function login_forum_box(&$forum_data) } $db->sql_freeresult($result); - if (!empty($_POST['password'])) + if ($password) { - // TODO - // Remove old valid sessions - $sql = ''; + // Remove expired authorised sessions + $sql = 'SELECT session_id + FROM ' . SESSIONS_TABLE; + $result = $db->sql_query($sql); + + if ($row = $db->sql_fetchrow($result)) + { + $sql_in = array(); + do + { + $sql_in[] = $row['session_id']; + } + while ($row = $db->sql_fetchrow($result)); + + $sql = 'DELETE FROM ' . FORUMS_ACCESS_TABLE . ' + WHERE session_id NOT IN (' . implode(', ', preg_replace('#^([a-z0-9]+)$#i', "'\\1'", $sql_in)) . ')'; + $db->sql_query($sql); + } + $db->sql_freeresult($result); - if ($_POST['password'] == $forum_data['forum_password']) + if ($password == $forum_data['forum_password']) { $sql = 'INSERT INTO phpbb_forum_access (forum_id, user_id, session_id) VALUES (' . $forum_data['forum_id'] . ', ' . $user->data['user_id'] . ", '$user->session_id')"; @@ -1526,7 +1544,7 @@ function page_footer() if ($auth->acl_get('a_')) { - $debug_output .= ' | <a href="' . request_var($_SERVER['REQUEST_URI'], "index.$phpEx$SID") . '&explain=1">Explain</a>'; + $debug_output .= ' | <a href="' . (($_SERVER['REQUEST_URI']) ? htmlspecialchars($_SERVER['REQUEST_URI']) : "index.$phpEx$SID") . '&explain=1">Explain</a>'; } $debug_output .= ' ]'; } |
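Review bot: The new check `if ($password == $forum_data['forum_password'])` in login_forum_box() uses loose comparison, so two numeric-looking strings are compared as numbers and a submitted value that is not byte-identical to the stored forum password can be accepted; use `if ($password === $forum_data['forum_password'])`, and note that the guard `if ($password)` also skips a password of `'0'`. The comparison suggests the forum password is held and compared in plaintext, which deserves at least a `// TODO: store and compare a hash of the forum password` comment. In the cleanup query, `preg_replace('#^([a-z0-9]+)$#i', "'\\1'", $sql_in)` quotes only the ids that match the pattern and passes any other value into the `NOT IN (...)` list unquoted, so ids that fail the pattern should be dropped or escaped through the DB layer rather than left as-is. The body of login_forum_box() starts and ends outside the hunk.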
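Review bot: The rebuilt Explain link in page_footer() appends `&explain=1` unconditionally, so when `$_SERVER['REQUEST_URI']` carries no query string the href ends in something like `/index.php&explain=1` (constructed example), which is not a valid query, and the raw `&` is left unescaped inside the attribute. Choose the separator from the URI, e.g. `$sep = (strpos($uri, '?') !== false) ? '&amp;' : '?';`, and test the key with `!empty($_SERVER['REQUEST_URI'])`, since it may be unset on some servers and the bare read would raise a notice. page_footer() starts and ends outside the hunk.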