diff options
author | Kjartan Mannes <kjartan@2.no-reply.drupal.org> | 2003-11-18 23:37:48 +0000 |
---|---|---|
committer | Kjartan Mannes <kjartan@2.no-reply.drupal.org> | 2003-11-18 23:37:48 +0000 |
commit | 2ffa04f5f26c6895b94f0e2a2d00e134b922ba80 (patch) | |
tree | 79483acc91e17e1e6c91ff72db86a22bd4b7244f /includes/session.inc | |
parent | fe9a6afa0875918f7cde61acb7ba766853ff1f84 (diff) | |
download | brdo-2ffa04f5f26c6895b94f0e2a2d00e134b922ba80.tar.gz brdo-2ffa04f5f26c6895b94f0e2a2d00e134b922ba80.tar.bz2 |
- Fixes bug #4100: First visit to site results in 'access denied' page.
- Fixed sess_write().
- Removed dead code in index.php.
Diffstat (limited to 'includes/session.inc')
-rw-r--r-- | includes/session.inc | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/includes/session.inc b/includes/session.inc index 5b1389a23..1b88ebc9f 100644 --- a/includes/session.inc +++ b/includes/session.inc @@ -16,7 +16,14 @@ function sess_close() { function sess_read($key) { global $user; - $result = db_query_range("SELECT u.*, s.*, r.name AS role FROM {users} u INNER JOIN {role} r ON u.rid = r.rid INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = '". check_query($key) ."' AND u.status < 3", 0, 1); + if ($key) { + $result = db_query_range("SELECT u.*, s.*, r.name AS role FROM {users} u INNER JOIN {role} r ON u.rid = r.rid INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = '%s' AND u.status < 3", $key, 0, 1); + } + + if (!db_num_rows($result)) { + $result = db_query("SELECT u.*, r.name AS role FROM {users} u INNER JOIN {role} r ON u.rid = r.rid WHERE u.uid = 0"); + } + $user = db_fetch_object($result); if ($user->data && $data = unserialize($user->data)) { foreach ($data as $key => $value) { @@ -32,7 +39,7 @@ function sess_read($key) { function sess_write($key, $value) { global $user; - db_query("UPDATE {sessions} SET uid = %d, hostname = '%s', session = '%s', timestamp = %d WHERE sid = '$key'", $user->uid, $_SERVER["REMOTE_ADDR"], $value, time()); + db_query("UPDATE {sessions} SET uid = %d, hostname = '%s', session = '%s', timestamp = %d WHERE sid = '%s'", $user->uid, $_SERVER["REMOTE_ADDR"], $value, time(), $key); if (!db_affected_rows()) { db_query("INSERT INTO {sessions} (uid, sid, hostname, session, timestamp) values(%d, '%s', '%s', '%s', %d)", $user->uid, $key, $_SERVER["REMOTE_ADDR"], $value, time()); @@ -62,5 +69,4 @@ function sess_gc($lifetime) { } - ?>
\ No newline at end of file |