webmaster@1: uid > 0) { webmaster@1: // This is done to unserialize the data member of $user webmaster@1: $user = drupal_unpack($user); webmaster@1: webmaster@1: // Add roles element to $user webmaster@1: $user->roles = array(); webmaster@1: $user->roles[DRUPAL_AUTHENTICATED_RID] = 'authenticated user'; webmaster@1: $result = db_query("SELECT r.rid, r.name FROM {role} r INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d", $user->uid); webmaster@1: while ($role = db_fetch_object($result)) { webmaster@1: $user->roles[$role->rid] = $role->name; webmaster@1: } webmaster@1: } webmaster@1: // We didn't find the client's record (session has expired), or they are an anonymous user. webmaster@1: else { webmaster@1: $session = isset($user->session) ? $user->session : ''; webmaster@1: $user = drupal_anonymous_user($session); webmaster@1: } webmaster@1: webmaster@1: return $user->session; webmaster@1: } webmaster@1: webmaster@1: function sess_write($key, $value) { webmaster@1: global $user; webmaster@1: webmaster@1: // If saving of session data is disabled or if the client doesn't have a session, webmaster@11: // and one isn't being created ($value), do nothing. This keeps crawlers out of webmaster@11: // the session table. This reduces memory and server load, and gives more useful webmaster@11: // statistics. We can't eliminate anonymous session table rows without breaking webmaster@11: // the throttle module and the "Who's Online" block. webmaster@1: if (!session_save_session() || (empty($_COOKIE[session_name()]) && empty($value))) { webmaster@1: return TRUE; webmaster@1: } webmaster@1: webmaster@11: db_query("UPDATE {sessions} SET uid = %d, cache = %d, hostname = '%s', session = '%s', timestamp = %d WHERE sid = '%s'", $user->uid, isset($user->cache) ? $user->cache : '', ip_address(), $value, time(), $key); webmaster@11: if (db_affected_rows()) { webmaster@1: // Last access time is updated no more frequently than once every 180 seconds. webmaster@1: // This reduces contention in the users table. webmaster@1: if ($user->uid && time() - $user->access > variable_get('session_write_interval', 180)) { webmaster@1: db_query("UPDATE {users} SET access = %d WHERE uid = %d", time(), $user->uid); webmaster@1: } webmaster@1: } webmaster@11: else { webmaster@11: // If this query fails, another parallel request probably got here first. webmaster@11: // In that case, any session data generated in this request is discarded. webmaster@11: @db_query("INSERT INTO {sessions} (sid, uid, cache, hostname, session, timestamp) VALUES ('%s', %d, %d, '%s', '%s', %d)", $key, $user->uid, isset($user->cache) ? $user->cache : '', ip_address(), $value, time()); webmaster@11: } webmaster@1: webmaster@1: return TRUE; webmaster@1: } webmaster@1: webmaster@1: /** webmaster@1: * Called when an anonymous user becomes authenticated or vice-versa. webmaster@1: */ webmaster@1: function sess_regenerate() { webmaster@1: $old_session_id = session_id(); webmaster@1: webmaster@1: // We code around http://bugs.php.net/bug.php?id=32802 by destroying webmaster@1: // the session cookie by setting expiration in the past (a negative webmaster@1: // value). This issue only arises in PHP versions before 4.4.0, webmaster@1: // regardless of the Drupal configuration. webmaster@1: // TODO: remove this when we require at least PHP 4.4.0 webmaster@1: if (isset($_COOKIE[session_name()])) { webmaster@1: setcookie(session_name(), '', time() - 42000, '/'); webmaster@1: } webmaster@1: webmaster@1: session_regenerate_id(); webmaster@1: webmaster@1: db_query("UPDATE {sessions} SET sid = '%s' WHERE sid = '%s'", session_id(), $old_session_id); webmaster@1: } webmaster@1: webmaster@1: /** webmaster@9: * Counts how many users have sessions. Can count either anonymous sessions or authenticated sessions. webmaster@1: * webmaster@1: * @param int $timestamp webmaster@1: * A Unix timestamp representing a point of time in the past. webmaster@1: * The default is 0, which counts all existing sessions. webmaster@9: * @param boolean $anonymous webmaster@1: * TRUE counts only anonymous users. webmaster@1: * FALSE counts only authenticated users. webmaster@1: * @return int webmaster@1: * The number of users with sessions. webmaster@1: */ webmaster@1: function sess_count($timestamp = 0, $anonymous = true) { webmaster@1: $query = $anonymous ? ' AND uid = 0' : ' AND uid > 0'; webmaster@1: return db_result(db_query('SELECT COUNT(sid) AS count FROM {sessions} WHERE timestamp >= %d'. $query, $timestamp)); webmaster@1: } webmaster@1: webmaster@1: /** webmaster@1: * Called by PHP session handling with the PHP session ID to end a user's session. webmaster@1: * webmaster@1: * @param string $sid webmaster@1: * the session id webmaster@1: */ webmaster@1: function sess_destroy_sid($sid) { webmaster@1: db_query("DELETE FROM {sessions} WHERE sid = '%s'", $sid); webmaster@1: } webmaster@1: webmaster@1: /** webmaster@1: * End a specific user's session webmaster@1: * webmaster@1: * @param string $uid webmaster@1: * the user id webmaster@1: */ webmaster@1: function sess_destroy_uid($uid) { webmaster@1: db_query('DELETE FROM {sessions} WHERE uid = %d', $uid); webmaster@1: } webmaster@1: webmaster@1: function sess_gc($lifetime) { webmaster@1: // Be sure to adjust 'php_value session.gc_maxlifetime' to a large enough webmaster@1: // value. For example, if you want user sessions to stay in your database webmaster@1: // for three weeks before deleting them, you need to set gc_maxlifetime webmaster@1: // to '1814400'. At that value, only after a user doesn't log in after webmaster@1: // three weeks (1814400 seconds) will his/her session be removed. webmaster@1: db_query("DELETE FROM {sessions} WHERE timestamp < %d", time() - $lifetime); webmaster@1: webmaster@1: return TRUE; webmaster@1: } webmaster@1: webmaster@1: /** webmaster@1: * Determine whether to save session data of the current request. webmaster@1: * webmaster@1: * This function allows the caller to temporarily disable writing of session data, webmaster@1: * should the request end while performing potentially dangerous operations, such as webmaster@1: * manipulating the global $user object. See http://drupal.org/node/218104 for usage webmaster@1: * webmaster@1: * @param $status webmaster@1: * Disables writing of session data when FALSE, (re-)enables writing when TRUE. webmaster@1: * @return webmaster@1: * FALSE if writing session data has been disabled. Otherwise, TRUE. webmaster@1: */ webmaster@1: function session_save_session($status = NULL) { webmaster@1: static $save_session = TRUE; webmaster@1: if (isset($status)) { webmaster@1: $save_session = $status; webmaster@1: } webmaster@1: return ($save_session); webmaster@1: }