Now, since XS we have had Advanced IP Tools Pack MOD included, and we have always had the maximum number of logins recorded for an IP set in the database - currently it is in the config table, yet, there is nothing in ACP to configure this option!

In sessions.php the max logins is retrieved as:

, and in phpBBXS it was


Unless I'm wrong, never in phpBBXS or Icy has there been any configuration option in ACP to change this value. The only way is through phpmyadmin! Could somebody else check this in case I'm going mad!

The default value is 20, which is quite large number of logins to record for the same user (I think pentapenguin even had it set to 45 originally!) - I mean, if you had 100 users, then thats 2000 rows of login data, all of which is not very helpfully stored in the first place- I mean, if a user repeatedly logs in from the same IP, then its not so useful to know all the times he's logged in from the same IP, as it is if suddenly the user logs in from many different IPs (and thus a likely account hack). As it stands, the mod will remove any old login once the $max_logins is exceeded, and does not differentiate between existing IPs when it inserts data. To demonstrate this last point, here is the lines in session.php where logins are inserted:

No differentiation is made to check whether the same IP exists for the same user in the logins table, in which case and update logins table is more appropriate (and perhaps a simple login count field to increment how many times they logged in from that IP, which would be more useful than just listing the last n logins). So as it stands, this is an inefficient use of MySQL storage, and if the logins table bloats due to a large number of users (take icy phoenix), then logging in (which triggers a sql query which requires the mysql server to sort through the entire logins table in order return all the logins for one user) becomes very very slow! We should be intelligent enough now not to have this unnecessary space wastage / performance loss happen.

The same can also be said of the phpbb_sessions table, the majority of which is redundant data that should be deleted automatically when the session handler detects it has expired - so far session data is only removed if the user logs out, via session_end(). What is required is for a mod to check the age of sessions, and if they are older than the board_config session time, they are automatically delete, and thus result in a much smaller session table that makes logging in/out much quicker. Since this should maintain a compact sessions table, nobody should experience any overhead from the sessions table being trimmed of expired sessions, unless some strange circumstance that the entire board membership decides to log in numerous times and leave their browsers open / have cookies disabled etc... which is not that likely

An interesting topic from phpbb on this, and potential way to speed up your site:
http://www.phpbb.com/community/view...&st=0&sk=t&sd=a

Which leads me to conclude we should also be creating the sessions table as a HEAP table in the first place (indeed, we could make a lightning system if we had parallel table sets, one set which was myisam/innodb and another as HEAP, and changed the way the scripts work so that data is stored in both, but read from HEAP tables, and if there is a MYSQL crash, the data from the myisam/innodb is repopulated into the HEAP tables - of course it would be a bit of work... but all data would be called from RAM, which would make it lighting compared to cached the sql in files on disk!)

Anyway, a possibility for a mod or two here, for the benefit of mankind... but importantly, a configuration parameter which can't be configured from ACP...

Sponsor wrote: 

EasySite CMS
Proven, powerful and flexible
content management system
www.eibs.co.uk/

  Damn! They stole the name for my next project idea...