[ Index ]
 

Code source de Drupal 5.3
Accédez au Source d'autres logiciels libres

Classes | Fonctions | Variables | Constantes | Tables

title

Body

[fermer]

/includes/ -> session.inc (source)

[Sommaire] [Imprimer] 

   1  <?php
   2  // $Id: session.inc,v 1.37.2.2 2007/07/26 19:16:45 drumm Exp $
   3  
   4  /**
   5   * @file
   6   * User session handling functions.
   7   */
   8  
   9  function sess_open($save_path, $session_name) {
  10    return TRUE;
  11  }
  12  
  13  function sess_close() {
  14    return TRUE;
  15  }
  16  
  17  function sess_read($key) {
  18    global $user;
  19  
  20    // Write and Close handlers are called after destructing objects since PHP 5.0.5
  21    // Thus destructors can use sessions but session handler can't use objects.
  22    // So we are moving session closure before destructing objects.
  23    register_shutdown_function('session_write_close');
  24  
  25    // Handle the case of first time visitors and clients that don't store cookies (eg. web crawlers).
  26    if (!isset($_COOKIE[session_name()])) {
  27      $user = drupal_anonymous_user();
  28      return '';
  29    }
  30  
  31    // Otherwise, if the session is still active, we have a record of the client's session in the database.
  32    $user = db_fetch_object(db_query("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = '%s'", $key));
  33  
  34    // We found the client's session record and they are an authenticated user
  35    if ($user && $user->uid > 0) {
  36      // This is done to unserialize the data member of $user
  37      $user = drupal_unpack($user);
  38  
  39      // Add roles element to $user
  40      $user->roles = array();
  41      $user->roles[DRUPAL_AUTHENTICATED_RID] = 'authenticated user';
  42      $result = db_query("SELECT r.rid, r.name FROM {role} r INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d", $user->uid);
  43      while ($role = db_fetch_object($result)) {
  44        $user->roles[$role->rid] = $role->name;
  45      }
  46    }
  47    // We didn't find the client's record (session has expired), or they are an anonymous user.
  48    else  {
  49      $session = isset($user->session) ? $user->session : '';
  50      $user = drupal_anonymous_user($session);
  51    }
  52  
  53    return $user->session;
  54  }
  55  
  56  function sess_write($key, $value) {
  57    global $user;
  58  
  59    // If saving of session data is disabled or if the client doesn't have a session,
  60    // and one isn't being created ($value), do nothing.
  61    if (!session_save_session() || (empty($_COOKIE[session_name()]) && empty($value))) {
  62      return TRUE;
  63    }
  64  
  65    $result = db_query("SELECT sid FROM {sessions} WHERE sid = '%s'", $key);
  66  
  67    if (!db_num_rows($result)) {
  68      // Only save session data when when the browser sends a cookie. This keeps
  69      // crawlers out of session table. This reduces memory and server load,
  70      // and gives more useful statistics. We can't eliminate anonymous session
  71      // table rows without breaking throttle module and "Who's Online" block.
  72      if ($user->uid || $value || count($_COOKIE)) {
  73        db_query("INSERT INTO {sessions} (sid, uid, cache, hostname, session, timestamp) VALUES ('%s', %d, %d, '%s', '%s', %d)", $key, $user->uid, $user->cache, $_SERVER["REMOTE_ADDR"], $value, time());
  74      }
  75    }
  76    else {
  77      db_query("UPDATE {sessions} SET uid = %d, cache = %d, hostname = '%s', session = '%s', timestamp = %d WHERE sid = '%s'", $user->uid, $user->cache, $_SERVER["REMOTE_ADDR"], $value, time(), $key);
  78  
  79      // TODO: this can be an expensive query. Perhaps only execute it every x minutes. Requires investigation into cache expiration.
  80      if ($user->uid) {
  81        db_query("UPDATE {users} SET access = %d WHERE uid = %d", time(), $user->uid);
  82      }
  83    }
  84  
  85    return TRUE;
  86  }
  87  
  88  /**
  89   * Called when an anonymous user becomes authenticated or vice-versa.
  90   */
  91  function sess_regenerate() {
  92    $old_session_id = session_id();
  93  
  94    // We code around http://bugs.php.net/bug.php?id=32802 by destroying
  95    // the session cookie by setting expiration in the past (a negative
  96    // value).  This issue only arises in PHP versions before 4.4.0,
  97    // regardless of the Drupal configuration.
  98    // TODO: remove this when we require at least PHP 4.4.0
  99    if (isset($_COOKIE[session_name()])) {
 100      setcookie(session_name(), '', time() - 42000, '/');
 101    }
 102  
 103    session_regenerate_id();
 104  
 105    db_query("UPDATE {sessions} SET sid = '%s' WHERE sid = '%s'", session_id(), $old_session_id);
 106  }
 107  
 108  /**
 109   * Counts how many users have sessions. Can count either anonymous sessions, authenticated sessions, or both.
 110   *
 111   * @param int $timestamp
 112   *   A Unix timestamp representing a point of time in the past.
 113   *   The default is 0, which counts all existing sessions.
 114   * @param int $anonymous
 115   *   TRUE counts only anonymous users.
 116   *   FALSE counts only authenticated users.
 117   *   Any other value will return the count of both authenticated and anonymous users.
 118   * @return  int
 119   *   The number of users with sessions.
 120   */
 121  function sess_count($timestamp = 0, $anonymous = true) {
 122    $query = $anonymous ? ' AND uid = 0' : ' AND uid > 0';
 123    return db_result(db_query('SELECT COUNT(sid) AS count FROM {sessions} WHERE timestamp >= %d'. $query, $timestamp));
 124  }
 125  
 126  /**
 127   * Called by PHP session handling with the PHP session ID to end a user's session.
 128   *
 129   * @param  string $sid
 130   *   the session id
 131   */
 132  function sess_destroy_sid($sid) {
 133    db_query("DELETE FROM {sessions} WHERE sid = '%s'", $sid);
 134  }
 135  
 136  /**
 137   * End a specific user's session
 138   *
 139   * @param  string $uid
 140   *   the user id
 141   */
 142  function sess_destroy_uid($uid) {
 143    db_query('DELETE FROM {sessions} WHERE uid = %d', $uid);
 144  }
 145  
 146  function sess_gc($lifetime) {
 147    // Be sure to adjust 'php_value session.gc_maxlifetime' to a large enough
 148    // value. For example, if you want user sessions to stay in your database
 149    // for three weeks before deleting them, you need to set gc_maxlifetime
 150    // to '1814400'. At that value, only after a user doesn't log in after
 151    // three weeks (1814400 seconds) will his/her session be removed.
 152    db_query("DELETE FROM {sessions} WHERE timestamp < %d", time() - $lifetime);
 153  
 154    return TRUE;
 155  }
 156  
 157  /**
 158   * Determine whether to save session data of the current request.
 159   *
 160   * This function allows the caller to temporarily disable writing of session data,
 161   * should the request end while performing potentially dangerous operations, such as
 162   * manipulating the global $user object.
 163   *
 164   * @param $status
 165   *   Disables writing of session data when FALSE, (re-)enables writing when TRUE.
 166   *
 167   * @return FALSE if writing session data has been disabled. Otherwise, TRUE.
 168   */
 169  function session_save_session($status = NULL) {
 170    static $save_session = TRUE;
 171    if (isset($status)) {
 172      $save_session = $status;
 173    }
 174    return ($save_session);
 175  }

Corps

Corps

Corps

Corps


Généré le : Fri Nov 30 16:20:15 2007 par Balluche grâce à PHPXref 0.7
  Clicky Web Analytics