drupal/includes/session.inc

<?php
// $Id$

/**
 * @file
 * User session handling functions.
 */

/*** Session functions *****************************************************/

function sess_open($save_path, $session_name) {
  return 1;
}

function sess_close() {
  return 1;
}

function sess_read($key) {
  global $user;

  $result = db_query("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = '%s'", $key);

  if (!db_num_rows($result)) {
    db_query("INSERT INTO {sessions} (sid, uid, hostname, timestamp) VALUES ('%s', 0, '%s', %d)", $key, $_SERVER["REMOTE_ADDR"], time());
    $result = db_query("SELECT u.* FROM {users} u WHERE u.uid = 0");
  }

  $user = db_fetch_object($result);
  $user = drupal_unpack($user);
  $user->roles = array();

  $result = db_query("SELECT r.rid, r.name FROM {role} r INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d", $user->uid);

  while ($role = db_fetch_object($result)) {
    $user->roles[$role->rid] = $role->name;
  }

  return !empty($user->session) ? $user->session : '';
}

function sess_write($key, $value) {
  global $user;

  db_query("UPDATE {sessions} SET uid = %d, cache = %d, hostname = '%s', session = '%s', timestamp = %d WHERE sid = '%s'", $user->uid, $user->cache, $_SERVER["REMOTE_ADDR"], $value, time(), $key);
  if ($user->uid) {
    db_query("UPDATE {users} SET access = %d WHERE uid = %d", time(), $user->uid);
  }
  return '';
}

function sess_destroy($key) {
  db_query("DELETE FROM {sessions} WHERE sid = '%s'", $key);
}

function sess_gc($lifetime) {

  /*
  **  Be sure to adjust 'php_value session.gc_maxlifetime' to a large enough
  **   value.  For example, if you want user sessions to stay in your database
  **   for three weeks before deleting them, you need to set gc_maxlifetime
  **   to '1814400'.  At that value, only after a user doesn't log in after
  **   three weeks (1814400 seconds) will his/her session be removed.
  */
  db_query("DELETE FROM {sessions} WHERE timestamp < %d", time() - $lifetime);

  return 1;

}
- Improved module loading when serving cached pages. Moshe's bootstrap patch. - Used legend and fieldset tags for the configuration page. 2003-11-18 19:44:36 +00:00			`<?php`
- Fixed race condition in session handler. Patch by Kjartan. 2003-12-13 13:00:47 +00:00			`// $Id$`
- Improved module loading when serving cached pages. Moshe's bootstrap patch. - Used legend and fieldset tags for the configuration page. 2003-11-18 19:44:36 +00:00
- Patch by JonBob: for consistency and readability, add brief descriptions of each source file inside the @file comment block at the head of the file. This helps with Doxygen indexing, and also allows neophytes to see what a file does immediately on opening the source, regardless of the organization of the hooks. 2004-08-21 06:42:38 +00:00			`/**`
			`* @file`
			`* User session handling functions.`
			`*/`

- Improved module loading when serving cached pages. Moshe's bootstrap patch. - Used legend and fieldset tags for the configuration page. 2003-11-18 19:44:36 +00:00			`/* Session functions ***************************************************/`

			`function sess_open($save_path, $session_name) {`
			`return 1;`
			`}`

			`function sess_close() {`
			`return 1;`
			`}`

			`function sess_read($key) {`
			`global $user;`
- Simplified the session code (PostgreSQL update). 2005-03-01 20:15:10 +00:00
- Patch 42115 by Cvbge/ m3avrck: improved performance of session loading. 2005-12-31 11:50:47 +00:00			`$result = db_query("SELECT u., s. FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = '%s'", $key);`
- Fixes bug #4100: First visit to site results in 'access denied' page. - Fixed sess_write(). - Removed dead code in index.php. 2003-11-18 23:37:48 +00:00
			`if (!db_num_rows($result)) {`
- Simplified the session code (PostgreSQL update). 2005-03-01 20:15:10 +00:00			`db_query("INSERT INTO {sessions} (sid, uid, hostname, timestamp) VALUES ('%s', 0, '%s', %d)", $key, $_SERVER["REMOTE_ADDR"], time());`
- Performance improvement: made 'sid' the primary key of the sessions table. That should improve performance of session handling as well improve performance of the "Who's online"-block. Drupal.org's sessions table contains appr. 40.000 sessions on a slow day and rendering the "Who's online"-block became a performance bottleneck. This change has yet to be tested on a busy site so things might go wrong. 2004-11-07 21:53:55 +00:00			`$result = db_query("SELECT u.* FROM {users} u WHERE u.uid = 0");`
- Fixes bug #4100: First visit to site results in 'access denied' page. - Fixed sess_write(). - Removed dead code in index.php. 2003-11-18 23:37:48 +00:00			`}`

- Improved module loading when serving cached pages. Moshe's bootstrap patch. - Used legend and fieldset tags for the configuration page. 2003-11-18 19:44:36 +00:00			`$user = db_fetch_object($result);`
- Patch 4859: new drupal_unpack() consolidates duplicate code and makes it easy to show avatars next to nodes and comments. Patch by Moshe. As a showcase, maybe Xtemplate should have an option to enable/disable avatars? 2004-01-13 19:25:37 +00:00			`$user = drupal_unpack($user);`
- Added support for multiple user roles. Patch by Jim Hriggs. 2004-05-10 20:34:25 +00:00			`$user->roles = array();`

			`$result = db_query("SELECT r.rid, r.name FROM {role} r INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d", $user->uid);`

			`while ($role = db_fetch_object($result)) {`
			`$user->roles[$role->rid] = $role->name;`
			`}`
- Improved module loading when serving cached pages. Moshe's bootstrap patch. - Used legend and fieldset tags for the configuration page. 2003-11-18 19:44:36 +00:00
			`return !empty($user->session) ? $user->session : '';`
			`}`

			`function sess_write($key, $value) {`
			`global $user;`

- Patch #19298 by Jeremy: loose caching! Drupal's existing caching mechanism doesn't perform well on highly dynamic websites in which the cache is flushed frequently. One example is a site that is under attack by a spambot that is posting spam comments every few seconds, causing all cached pages to be flushed every few seconds. Loose caching immediately flushes the cache only for specific users who have modified cached data (whether or not they are logged in), delaying the flushing of data for other users by several minutes. (I rewrote the help text a bit and made minor changes to the code comments.) 2005-04-11 19:05:52 +00:00			`db_query("UPDATE {sessions} SET uid = %d, cache = %d, hostname = '%s', session = '%s', timestamp = %d WHERE sid = '%s'", $user->uid, $user->cache, $_SERVER["REMOTE_ADDR"], $value, time(), $key);`
- Patch #35354 by Moshe/chx: only update the last access time for authenticated users. 2005-10-28 13:35:49 +00:00			`if ($user->uid) {`
			`db_query("UPDATE {users} SET access = %d WHERE uid = %d", time(), $user->uid);`
			`}`
- Improved module loading when serving cached pages. Moshe's bootstrap patch. - Used legend and fieldset tags for the configuration page. 2003-11-18 19:44:36 +00:00			`return '';`
			`}`

			`function sess_destroy($key) {`
- Patch by Thomas: always use db abstraction layer 2005-08-10 20:42:54 +00:00			`db_query("DELETE FROM {sessions} WHERE sid = '%s'", $key);`
- Improved module loading when serving cached pages. Moshe's bootstrap patch. - Used legend and fieldset tags for the configuration page. 2003-11-18 19:44:36 +00:00			`}`

			`function sess_gc($lifetime) {`

			`/*`
			`** Be sure to adjust 'php_value session.gc_maxlifetime' to a large enough`
			`** value. For example, if you want user sessions to stay in your database`
			`** for three weeks before deleting them, you need to set gc_maxlifetime`
			`** to '1814400'. At that value, only after a user doesn't log in after`
			`** three weeks (1814400 seconds) will his/her session be removed.`
			`*/`
			`db_query("DELETE FROM {sessions} WHERE timestamp < %d", time() - $lifetime);`

			`return 1;`

			`}`

- Patch #29385 by chx: no ?> add end of files. 2005-08-25 21:14:17 +00:00