diff options
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/user.module | 37 | ||||
| -rw-r--r-- | modules/user/user.module | 37 |
2 files changed, 64 insertions, 10 deletions
diff --git a/modules/user.module b/modules/user.module index f579fb2ff..c05bec7c5 100644 --- a/modules/user.module +++ b/modules/user.module @@ -22,25 +22,39 @@ function sess_close() { function sess_read($key) { global $user; - $user = user_load(array("sid" => $key, "status" => 1)); + + $result = db_query_range("SELECT u.*, s.*, r.name AS role FROM {users} u INNER JOIN {role} r ON u.rid = r.rid INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = '". check_query($key) ."' AND u.status < 3", 0, 1); + $user = db_fetch_object($result); return !empty($user->session) ? $user->session : ''; } function sess_write($key, $value) { - db_query("UPDATE {users} SET hostname = '%s', session = '%s', timestamp = %d WHERE sid = '$key'", $_SERVER["REMOTE_ADDR"], $value, time()); + db_query("UPDATE {sessions} SET hostname = '%s', session = '%s', timestamp = %d WHERE sid = '$key'", $_SERVER["REMOTE_ADDR"], $value, time()); return ''; } function sess_destroy($key) { - db_query("UPDATE {users} SET hostname = '%s', timestamp = %d, sid = '' WHERE sid = '$key'", $_SERVER["REMOTE_ADDR"], time()); + db_query("DELETE FROM {sessions} WHERE sid = '$key'"); + } function sess_gc($lifetime) { + + /* + ** Be sure to adjust 'php_value session.gc_maxlifetime' to a large enough + ** value. For example, if you want user sessions to stay in your database + ** for three weeks before deleting them, you need to set gc_maxlifetime + ** to '1814400'. At that value, only after a user doesn't log in after + ** three weeks (1814400 seconds) will his/her session be removed. + */ + db_query("DELETE FROM {sessions} WHERE timestamp < %d", time() - $lifetime); + return 1; + } /*** Common functions ******************************************************/ @@ -313,7 +327,7 @@ function user_fields() { } // Make sure we return the default fields at least - return is_array($fields) ? $fields: array("uid", "name", "pass", "mail", "homepage", "mode", "sort", "threshold", "theme", "signature", "timestamp", "hostname", "status", "timezone", "rating", "language", "sid", "init", "session", "data", "rid"); + return is_array($fields) ? $fields: array("uid", "name", "pass", "mail", "homepage", "mode", "sort", "threshold", "theme", "signature", "timestamp", "status", "timezone", "rating", "language", "init", "data", "rid"); } /*** Module hooks **********************************************************/ @@ -618,9 +632,22 @@ function user_login($edit = array(), $msg = "") { /* ** Write session ID to database: + ** (TODO: Currently we only save the session if a user is logged in. + ** we should also add support for anonymous user sessions.) */ - user_save($user, array("sid" => session_id())); + if ($user->uid) { + // update the user's session if it already exists + db_query("UPDATE sessions SET timestamp = '%d' WHERE sid = '%s'", time(), session_id()); + + // if no changes, this is a new session to be added + if (!db_affected_rows()) { + db_query("INSERT INTO sessions (uid, sid, hostname, timestamp) values(%d, '%s', '%s', %d)", $user->uid, session_id(), $_SERVER["REMOTE_ADDR"], time()); + } + + // also update the user table timestamp noting user has logged in + db_query("UPDATE users SET timestamp = '%d' WHERE uid = '%s'", time(), $user->uid); + } /* ** If the user wants to be remembered, set the proper cookie such diff --git a/modules/user/user.module b/modules/user/user.module index f579fb2ff..c05bec7c5 100644 --- a/modules/user/user.module +++ b/modules/user/user.module @@ -22,25 +22,39 @@ function sess_close() { function sess_read($key) { global $user; - $user = user_load(array("sid" => $key, "status" => 1)); + + $result = db_query_range("SELECT u.*, s.*, r.name AS role FROM {users} u INNER JOIN {role} r ON u.rid = r.rid INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = '". check_query($key) ."' AND u.status < 3", 0, 1); + $user = db_fetch_object($result); return !empty($user->session) ? $user->session : ''; } function sess_write($key, $value) { - db_query("UPDATE {users} SET hostname = '%s', session = '%s', timestamp = %d WHERE sid = '$key'", $_SERVER["REMOTE_ADDR"], $value, time()); + db_query("UPDATE {sessions} SET hostname = '%s', session = '%s', timestamp = %d WHERE sid = '$key'", $_SERVER["REMOTE_ADDR"], $value, time()); return ''; } function sess_destroy($key) { - db_query("UPDATE {users} SET hostname = '%s', timestamp = %d, sid = '' WHERE sid = '$key'", $_SERVER["REMOTE_ADDR"], time()); + db_query("DELETE FROM {sessions} WHERE sid = '$key'"); + } function sess_gc($lifetime) { + + /* + ** Be sure to adjust 'php_value session.gc_maxlifetime' to a large enough + ** value. For example, if you want user sessions to stay in your database + ** for three weeks before deleting them, you need to set gc_maxlifetime + ** to '1814400'. At that value, only after a user doesn't log in after + ** three weeks (1814400 seconds) will his/her session be removed. + */ + db_query("DELETE FROM {sessions} WHERE timestamp < %d", time() - $lifetime); + return 1; + } /*** Common functions ******************************************************/ @@ -313,7 +327,7 @@ function user_fields() { } // Make sure we return the default fields at least - return is_array($fields) ? $fields: array("uid", "name", "pass", "mail", "homepage", "mode", "sort", "threshold", "theme", "signature", "timestamp", "hostname", "status", "timezone", "rating", "language", "sid", "init", "session", "data", "rid"); + return is_array($fields) ? $fields: array("uid", "name", "pass", "mail", "homepage", "mode", "sort", "threshold", "theme", "signature", "timestamp", "status", "timezone", "rating", "language", "init", "data", "rid"); } /*** Module hooks **********************************************************/ @@ -618,9 +632,22 @@ function user_login($edit = array(), $msg = "") { /* ** Write session ID to database: + ** (TODO: Currently we only save the session if a user is logged in. + ** we should also add support for anonymous user sessions.) */ - user_save($user, array("sid" => session_id())); + if ($user->uid) { + // update the user's session if it already exists + db_query("UPDATE sessions SET timestamp = '%d' WHERE sid = '%s'", time(), session_id()); + + // if no changes, this is a new session to be added + if (!db_affected_rows()) { + db_query("INSERT INTO sessions (uid, sid, hostname, timestamp) values(%d, '%s', '%s', %d)", $user->uid, session_id(), $_SERVER["REMOTE_ADDR"], time()); + } + + // also update the user table timestamp noting user has logged in + db_query("UPDATE users SET timestamp = '%d' WHERE uid = '%s'", time(), $user->uid); + } /* ** If the user wants to be remembered, set the proper cookie such |