From patchwork Wed Feb 17 03:28:52 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eli Schwartz X-Patchwork-Id: 1873 Return-Path: Delivered-To: patchwork@archlinux.org Received: from mail.archlinux.org [95.216.189.61] by patchwork.archlinux.org with IMAP (fetchmail-6.4.16) for (single-drop); Wed, 17 Feb 2021 03:29:26 +0000 (UTC) Received: from mail.archlinux.org by mail.archlinux.org with LMTP id QnOZEZaNLGCRkAEAK+/4rw (envelope-from ) for ; Wed, 17 Feb 2021 03:29:26 +0000 Received: from luna.archlinux.org (luna.archlinux.org [IPv6:2a01:4f8:160:3033::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail.archlinux.org (Postfix) with ESMTPS id 9ABA23FE926; Wed, 17 Feb 2021 03:29:25 +0000 (UTC) Received: from luna.archlinux.org (luna.archlinux.org [127.0.0.1]) by luna.archlinux.org (Postfix) with ESMTP id 4BD632C6F2; Wed, 17 Feb 2021 03:29:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=lists.archlinux.org; s=luna; t=1613532565; bh=2Ox8LX5eO349kxyPkSYon+xelH8NyFQiwAlqmQeWauo=; h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:Cc; b=h0WtPJdmucbIuIkGk3nlV/ICO6g3qiCJ1GGswj3n63SEz3fQD3N6eE0eJVpzjNR/q nQUWgN1H7e1xoL+epIUDq8aPS1G3NxQdEV6mFw+fEMP21Y0lvKXqTKSlxTdo1B4xTw TRcU6CkUJoPES3myspTXGGq/p7byqubZ1tDTieb4hqVYfgyjPuKSoksLUz73uMSzF8 qCUByvfTGegDBsCAVwhEKp1feSxIfuIiMEq3Phhh127KL6JvhBfx8EFeeyPZhmxQhk 5Ys/7gaBv6snn8vZ0/7j21WWpOLGVXEmyM5+YRzq7MoG2zJr73+Se/SfPTJN2rRYHH 97mwdCy8W/JiQT4yrBFD8zAev3HTL/eCVC8/mLcmppvZ6fohpsZP3oRgEY1tQXOyCv 05ZKnXHUVxlW5WWdR2yDsAoYb5cQqzHlK9LLDJIvWWIMZpUZMyZf5Q0+j6rAe4IoT2 C1+7inVjqj7iEuMpSHcB/Qxpgkz4nMAaoUSqfilxWTRNGcHEckf8Nh/YHyiOB2Rmne 6IRRoduyF6PTWlpX+zPtcvT532UZxhGGNgrdhZ1oo1AsA1FwAn3OAlhZ6eadFrfKmI EA6LqMNhBemsosy56StI4Oj5dQO4nAEoidSzwud4u5okECdnepn5QYpFNX35KjnQG2 vc/sVGkaq1g1G9R/BxKmZG6Q= Received: from luna.archlinux.org (luna.archlinux.org [127.0.0.1]) by luna.archlinux.org (Postfix) with ESMTP id 4C4F12C6ED for ; Wed, 17 Feb 2021 03:29:21 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on luna.archlinux.org X-Spam-Level: X-Spam-Status: No, score=-2.4 required=5.0 tests=DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1,DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3,RCVD_IN_MSPIKE_H4=0.001,RCVD_IN_MSPIKE_WL=0.001, T_DMARC_POLICY_NONE=0.01 autolearn=failed autolearn_force=no version=3.4.4 X-Spam-BL-Results: [127.0.9.2] [127.0.0.19] Received: from mail.archlinux.org (mail.archlinux.org [95.216.189.61]) by luna.archlinux.org (Postfix) with ESMTPS for ; Wed, 17 Feb 2021 03:29:21 +0000 (UTC) To: aur-dev@archlinux.org Subject: [aur-dev][PATCH 1/3] fix broken SQL query that always failed Date: Tue, 16 Feb 2021 22:28:52 -0500 Message-Id: <20210217032854.245535-1-eschwartz@archlinux.org> X-Mailer: git-send-email 2.30.1 MIME-Version: 1.0 X-BeenThere: aur-dev@lists.archlinux.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: "Arch User Repository \(AUR\) Development" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Eli Schwartz via aur-dev From: Eli Schwartz Reply-To: "Arch User Repository \(AUR\) Development" Cc: Eli Schwartz Errors-To: aur-dev-bounces@lists.archlinux.org Sender: "aur-dev" Authentication-Results: mail.archlinux.org; dkim=pass header.d=lists.archlinux.org header.s=luna header.b=h0WtPJdm; dmarc=pass (policy=none) header.from=archlinux.org; spf=pass (mail.archlinux.org: domain of aur-dev-bounces@lists.archlinux.org designates 2a01:4f8:160:3033::2 as permitted sender) smtp.mailfrom=aur-dev-bounces@lists.archlinux.org X-Rspamd-Queue-Id: 9ABA23FE926 X-Spamd-Result: default: False [3.79 / 15.00]; HAS_REPLYTO(0.00)[aur-dev@lists.archlinux.org]; TO_DN_SOME(0.00)[]; R_MISSING_CHARSET(2.50)[]; R_SPF_ALLOW(-0.20)[+ip6:2a01:4f8:160:3033::2]; REPLYTO_ADDR_EQ_FROM(0.00)[]; BROKEN_CONTENT_TYPE(1.50)[]; RCVD_COUNT_THREE(0.00)[4]; MID_RHS_MATCH_FROMTLD(0.00)[]; DKIM_TRACE(0.00)[lists.archlinux.org:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[archlinux.org,none]; MAILLIST(-0.20)[mailman]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:24940, ipnet:2a01:4f8::/29, country:DE]; FROM_NEQ_ENVFROM(0.00)[aur-dev@lists.archlinux.org,aur-dev-bounces@lists.archlinux.org]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[lists.archlinux.org:s=luna]; FROM_HAS_DN(0.00)[]; TAGGED_RCPT(0.00)[aur-dev]; MIME_GOOD(-0.10)[text/plain]; HAS_LIST_UNSUB(-0.01)[]; MID_RHS_MATCH_TO(1.00)[]; NEURAL_HAM(-0.00)[-1.000]; FORGED_SENDER_MAILLIST(0.00)[] X-Rspamd-Server: mail.archlinux.org Due to missing whitespace at the end of strings during joining, we ended up with the query fragment "DelTS IS NULLAND NOT PinnedTS" which should be "DelTS IS NULL AND NOT PinnedTS" So the check for pinned comments > 5 likely always failed. In php 7, a completely broken query that raises exceptions in the database engine was silently ignored... in php 8, it raises Uncaught PDOException: SQLSTATE[HY000]: General error: 1 near "PinnedTS": syntax error in and aborts the page building. End result: users with permission to pin comments cannot see any comments, or indeed page content below the first comment header Signed-off-by: Eli Schwartz --- web/lib/pkgbasefuncs.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/lib/pkgbasefuncs.inc.php b/web/lib/pkgbasefuncs.inc.php index a4925891..4c8abba7 100644 --- a/web/lib/pkgbasefuncs.inc.php +++ b/web/lib/pkgbasefuncs.inc.php @@ -21,7 +21,7 @@ function pkgbase_comments_count($base_id, $include_deleted, $only_pinned=false) $q = "SELECT COUNT(*) FROM PackageComments "; $q.= "WHERE PackageBaseID = " . $base_id . " "; if (!$include_deleted) { - $q.= "AND DelTS IS NULL"; + $q.= "AND DelTS IS NULL "; } if ($only_pinned) { $q.= "AND NOT PinnedTS = 0"; From patchwork Wed Feb 17 03:28:53 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eli Schwartz X-Patchwork-Id: 1874 Return-Path: Delivered-To: patchwork@archlinux.org Received: from mail.archlinux.org [95.216.189.61] by patchwork.archlinux.org with IMAP (fetchmail-6.4.16) for (single-drop); Wed, 17 Feb 2021 03:29:28 +0000 (UTC) Received: from mail.archlinux.org by mail.archlinux.org with LMTP id mJvsEZiNLGCIkAEAK+/4rw (envelope-from ) for ; Wed, 17 Feb 2021 03:29:28 +0000 Received: from luna.archlinux.org (luna.archlinux.org [5.9.250.164]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits)) (No client certificate requested) by mail.archlinux.org (Postfix) with ESMTPS id A89423FE931; Wed, 17 Feb 2021 03:29:27 +0000 (UTC) Received: from luna.archlinux.org (luna.archlinux.org [127.0.0.1]) by luna.archlinux.org (Postfix) with ESMTP id 840202C6F9; Wed, 17 Feb 2021 03:29:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=lists.archlinux.org; s=luna; t=1613532565; bh=7SXTzMzCgms0tEIuI9qoxn4Uc47g6EXHBx5AFHTcxXI=; h=To:Subject:Date:In-Reply-To:References:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc; b=ci3UGe0PWwUo2UyVAU8Mt+xKa5HBBSD7O7p+qvw7kUvEQCFUmmZbPvU+0DyjcbFxz 5oTrpHNjdoDbFCczgI8SJNPexOFPM94LLGNbfOI/oG1XSWiE9Iu9VeffsAi6oEh9iL N3h9Zhsp3rKKAQKd2i87jz9dYE2t+G/K4AWMln2+vAm8Z445Y1qRIZm3iaDIlheJ0n KGhErd/l1uuUGcICPjPjaX8OBWz/KjR5IHfrKxuEkhwjLd8DVZN5lwGik8NPkowdn9 gUB0hbu/qQthfriGIXJVyBidIjdhXz/VBGraCydMpzgt9qcpqjML43FxVp7fRBJksW 559eyAy8IyVxnEv9fXNLm7+e3wF9L8oHLIpaDqeZW+gDcRvd6NKs2zIjVKSS5FJ2zf ZYw3/qww2YBdtc6iKUkNNo5msPBAuhW3Z+C6xuMsDjQV5NkjtCdLrtTm6pJjA2PFSR HBB3Tw/ncNQOb42ZQ/InW4QgTPMAuFi0a9gTKRjezu3aY2RI2GebZMU4gmhQruvRp0 UCXqQBTOj/+XK/eB7Yphkbo+dLVqJfJg18GyX5TdNKQfrrcQKSOEEc0RUUGWQG51rT VdEY1/yUryyqXUfvqe/5wVe8t3AvfU6Kw5Jgetl0068+bOmc3dzwTbwBmei/+NMQkd n3lpWb5ycIO9lEZVd1ggveBs= Received: from luna.archlinux.org (luna.archlinux.org [127.0.0.1]) by luna.archlinux.org (Postfix) with ESMTP id 219F62C6F2 for ; Wed, 17 Feb 2021 03:29:22 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on luna.archlinux.org X-Spam-Level: X-Spam-Status: No, score=-2.4 required=5.0 tests=DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1,DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3,T_DMARC_POLICY_NONE=0.01 autolearn=failed autolearn_force=no version=3.4.4 X-Spam-BL-Results: [127.0.9.2] Received: from mail.archlinux.org (mail.archlinux.org [IPv6:2a01:4f9:c010:3052::1]) by luna.archlinux.org (Postfix) with ESMTPS for ; Wed, 17 Feb 2021 03:29:22 +0000 (UTC) To: aur-dev@archlinux.org Subject: [aur-dev][PATCH 2/3] prevent running mysql-specific query in sqlite Date: Tue, 16 Feb 2021 22:28:53 -0500 Message-Id: <20210217032854.245535-2-eschwartz@archlinux.org> X-Mailer: git-send-email 2.30.1 In-Reply-To: <20210217032854.245535-1-eschwartz@archlinux.org> References: <20210217032854.245535-1-eschwartz@archlinux.org> MIME-Version: 1.0 X-BeenThere: aur-dev@lists.archlinux.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: "Arch User Repository \(AUR\) Development" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Eli Schwartz via aur-dev From: Eli Schwartz Reply-To: "Arch User Repository \(AUR\) Development" Cc: Eli Schwartz Errors-To: aur-dev-bounces@lists.archlinux.org Sender: "aur-dev" Authentication-Results: mail.archlinux.org; dkim=pass header.d=lists.archlinux.org header.s=luna header.b=ci3UGe0P; dmarc=pass (policy=none) header.from=archlinux.org; spf=pass (mail.archlinux.org: domain of aur-dev-bounces@lists.archlinux.org designates 5.9.250.164 as permitted sender) smtp.mailfrom=aur-dev-bounces@lists.archlinux.org X-Rspamd-Queue-Id: A89423FE931 X-Spamd-Result: default: False [3.79 / 15.00]; HAS_REPLYTO(0.00)[aur-dev@lists.archlinux.org]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:5.9.250.164:c]; R_MISSING_CHARSET(2.50)[]; REPLYTO_ADDR_EQ_FROM(0.00)[]; BROKEN_CONTENT_TYPE(1.50)[]; RCVD_COUNT_THREE(0.00)[4]; MID_RHS_MATCH_FROMTLD(0.00)[]; DKIM_TRACE(0.00)[lists.archlinux.org:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[archlinux.org,none]; MAILLIST(-0.20)[mailman]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:24940, ipnet:5.9.0.0/16, country:DE]; FROM_NEQ_ENVFROM(0.00)[aur-dev@lists.archlinux.org,aur-dev-bounces@lists.archlinux.org]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[lists.archlinux.org:s=luna]; FROM_HAS_DN(0.00)[]; TAGGED_RCPT(0.00)[aur-dev]; MIME_GOOD(-0.10)[text/plain]; HAS_LIST_UNSUB(-0.01)[]; MID_RHS_MATCH_TO(1.00)[]; NEURAL_HAM(-0.00)[-1.000]; FORGED_SENDER_MAILLIST(0.00)[] X-Rspamd-Server: mail.archlinux.org We usually guard such queries and have both mysql and sqlite branches. But I have not implemented the sqlite branch. Given sqlite is typically used for local dev setups, the fact that "users with more than the configured max simultaneous logins" can avoid getting some logins annulled is probably not a huge risk. And this always *used* to fail on sqlite, silently. Now, in php 8, it raises PDOException, which prevents running the test server Document this as a FIXME for now, until someone reimplements the query for sqlite. Signed-off-by: Eli Schwartz --- web/lib/acctfuncs.inc.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index d238c0e0..30c4cfe0 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -597,7 +597,9 @@ function try_login() { /* Generate a session ID and store it. */ while (!$logged_in && $num_tries < 5) { $session_limit = config_get_int('options', 'max_sessions_per_user'); - if ($session_limit) { + # FIXME: this does not work for sqlite (JOIN in a DELETE clause) + # hence non-prod instances can have a naughty amount of simultaneous logins + if ($backend == "mysql" && $session_limit) { /* * Delete all user sessions except the * last ($session_limit - 1). From patchwork Wed Feb 17 03:28:54 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eli Schwartz X-Patchwork-Id: 1875 Return-Path: Delivered-To: patchwork@archlinux.org Received: from mail.archlinux.org [95.216.189.61] by patchwork.archlinux.org with IMAP (fetchmail-6.4.16) for (single-drop); Wed, 17 Feb 2021 03:29:31 +0000 (UTC) Received: from mail.archlinux.org by mail.archlinux.org with LMTP id 0MzzFJuNLGCRkAEAK+/4rw (envelope-from ) for ; Wed, 17 Feb 2021 03:29:31 +0000 Received: from luna.archlinux.org (luna.archlinux.org [IPv6:2a01:4f8:160:3033::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits)) (No client certificate requested) by mail.archlinux.org (Postfix) with ESMTPS id ED3133FE93C; Wed, 17 Feb 2021 03:29:30 +0000 (UTC) Received: from luna.archlinux.org (luna.archlinux.org [127.0.0.1]) by luna.archlinux.org (Postfix) with ESMTP id BCB862C6FF; Wed, 17 Feb 2021 03:29:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=lists.archlinux.org; s=luna; t=1613532565; bh=ZZReJpKMuBALWUQzHmyNTE5YqqVe0KqNyjDSDtoUonc=; h=To:Subject:Date:In-Reply-To:References:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc; b=JM7aal93Zj9WcO2MEsqC5o1rwcFEU0chmeZ/8Hecb2KB/CInNwqQx4Lw5kX85O3iX 6aGjvCAJp7BmQJyVL+4gmZLCrZvN4MakjiFwzElsxMY0IivBAvau+4brmlMrLwzUGo c0pFqDm2GxIlpePLdWVAQk4lvkAuw43thZHCJsbgeHWJb2Dy11vBM0yGQ/vVGZbDUe U51kLcuuC1tIM3iRIlizGn5S79C/OgreQL//Ipgp6jmY/EU7Bm6FsujwrSAYjgQ5gt 0XXCMGzfZ9fE4vdpxZp/bZaonN3vYcV32deG0peESuUOKhLL42UzR7BHIq4yiFQva7 j7HXMDIHOSgibNme0pqjWehPfwr9Gch+0XEmsw8PmtHMRMldnc8Rr6IgRGA/2nrdrR Gyb4HNHa3G7u9qYbNICz00nAiTdVAY89CqKazyeg95e3QTE08aeWDB0/nrxX4vkEuP hUtp6KraOa04ehxKEznk+cdp468DWsjNaJJ2AiTifU6tJSbEec3mRotWpR8+tok1+m yPpuPI0SoMgFjv1L3MKknTDLkI11n+PP54eoFD6lUeWhQRzOj9FpRdkgvEe1V6Nst1 gIftN5FdJrBTNjNH3j7FBQifdNRWWiw6jghFWl7rQgm+P0/KnjM3YXqbbrqBitw1J+ GZq4LzCYmfGBK/4h7k8cu5ro= Received: from luna.archlinux.org (luna.archlinux.org [127.0.0.1]) by luna.archlinux.org (Postfix) with ESMTP id E6B6B2C6F4 for ; Wed, 17 Feb 2021 03:29:22 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on luna.archlinux.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1,DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1, LOCAL_FAKEBUSINESS=0.5,RCVD_IN_DNSWL_MED=-2.3,T_DMARC_POLICY_NONE=0.01 autolearn=failed autolearn_force=no version=3.4.4 X-Spam-BL-Results: [127.0.9.2] Received: from mail.archlinux.org (mail.archlinux.org [IPv6:2a01:4f9:c010:3052::1]) by luna.archlinux.org (Postfix) with ESMTPS for ; Wed, 17 Feb 2021 03:29:22 +0000 (UTC) To: aur-dev@archlinux.org Subject: [aur-dev][PATCH 3/3] rewrite query to support both mysql/sqlite Date: Tue, 16 Feb 2021 22:28:54 -0500 Message-Id: <20210217032854.245535-3-eschwartz@archlinux.org> X-Mailer: git-send-email 2.30.1 In-Reply-To: <20210217032854.245535-1-eschwartz@archlinux.org> References: <20210217032854.245535-1-eschwartz@archlinux.org> MIME-Version: 1.0 X-BeenThere: aur-dev@lists.archlinux.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: "Arch User Repository \(AUR\) Development" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Eli Schwartz via aur-dev From: Eli Schwartz Reply-To: "Arch User Repository \(AUR\) Development" Cc: Eli Schwartz Errors-To: aur-dev-bounces@lists.archlinux.org Sender: "aur-dev" Authentication-Results: mail.archlinux.org; dkim=pass header.d=lists.archlinux.org header.s=luna header.b=JM7aal93; dmarc=pass (policy=none) header.from=archlinux.org; spf=pass (mail.archlinux.org: domain of aur-dev-bounces@lists.archlinux.org designates 2a01:4f8:160:3033::2 as permitted sender) smtp.mailfrom=aur-dev-bounces@lists.archlinux.org X-Rspamd-Queue-Id: ED3133FE93C X-Spamd-Result: default: False [3.79 / 15.00]; HAS_REPLYTO(0.00)[aur-dev@lists.archlinux.org]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2a01:4f8:160:3033::2:c]; R_MISSING_CHARSET(2.50)[]; REPLYTO_ADDR_EQ_FROM(0.00)[]; BROKEN_CONTENT_TYPE(1.50)[]; RCVD_COUNT_THREE(0.00)[4]; MID_RHS_MATCH_FROMTLD(0.00)[]; DKIM_TRACE(0.00)[lists.archlinux.org:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[archlinux.org,none]; MAILLIST(-0.20)[mailman]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:24940, ipnet:2a01:4f8::/29, country:DE]; FROM_NEQ_ENVFROM(0.00)[aur-dev@lists.archlinux.org,aur-dev-bounces@lists.archlinux.org]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[lists.archlinux.org:s=luna]; FROM_HAS_DN(0.00)[]; TAGGED_RCPT(0.00)[aur-dev]; MIME_GOOD(-0.10)[text/plain]; HAS_LIST_UNSUB(-0.01)[]; MID_RHS_MATCH_TO(1.00)[]; NEURAL_HAM(-0.00)[-1.000]; FORGED_SENDER_MAILLIST(0.00)[] X-Rspamd-Server: mail.archlinux.org Signed-off-by: Eli Schwartz --- I don't know nearly enough SQL to know any kind of tradeoffs between one or the other, but this one should theoretically *work* everywhere, and certainly runs to success here on my sqlite development environment. web/lib/acctfuncs.inc.php | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index 30c4cfe0..752abe97 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -597,21 +597,17 @@ function try_login() { /* Generate a session ID and store it. */ while (!$logged_in && $num_tries < 5) { $session_limit = config_get_int('options', 'max_sessions_per_user'); - # FIXME: this does not work for sqlite (JOIN in a DELETE clause) - # hence non-prod instances can have a naughty amount of simultaneous logins - if ($backend == "mysql" && $session_limit) { + if ($session_limit) { /* * Delete all user sessions except the * last ($session_limit - 1). */ - $q = "DELETE s.* FROM Sessions s "; - $q.= "LEFT JOIN (SELECT SessionID FROM Sessions "; + $q = "DELETE FROM Sessions "; $q.= "WHERE UsersId = " . $userID . " "; + $q.= "AND SessionID NOT IN (SELECT SessionID FROM Sessions "; + $q.= "WHERE UsersID = " . $userID . " "; $q.= "ORDER BY LastUpdateTS DESC "; - $q.= "LIMIT " . ($session_limit - 1) . ") q "; - $q.= "ON s.SessionID = q.SessionID "; - $q.= "WHERE s.UsersId = " . $userID . " "; - $q.= "AND q.SessionID IS NULL;"; + $q.= "LIMIT " . ($session_limit - 1) . ")"; $dbh->query($q); }