Code coverage for /20080809/includes/session.inc

Line #Times calledCode
1
<?php
2
// $Id: session.inc,v 1.49 2008/07/11 10:14:27 dries Exp $
3
4
/**
5
 * @file
6
 * User session handling functions.
7
 */
8
92027
function sess_open($save_path, $session_name) {
102027
  return TRUE;
110
}
12
132027
function sess_close() {
14504
  return TRUE;
150
}
16
172027
function sess_read($key) {
182027
  global $user;
19
20
  // Write and Close handlers are called after destructing objects since
PHP 5.0.5
21
  // Thus destructors can use sessions but session handler can't use
objects.
22
  // So we are moving session closure before destructing objects.
232027
  register_shutdown_function('session_write_close');
24
25
  // Handle the case of first time visitors and clients that don't store
cookies (eg. web crawlers).
262027
  if (!isset($_COOKIE[session_name()])) {
2792
    $user = drupal_anonymous_user();
2892
    return '';
290
  }
30
31
  // Otherwise, if the session is still active, we have a record of the
client's session in the database.
321935
  $user = db_fetch_object(db_query("SELECT u.*, s.* FROM {users} u INNER
JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = '%s'", $key));
33
34
  // We found the client's session record and they are an authenticated
user
351935
  if ($user && $user->uid > 0) {
36
    // This is done to unserialize the data member of $user
371405
    $user = drupal_unpack($user);
38
39
    // Add roles element to $user
401405
    $user->roles = array();
411405
    $user->roles[DRUPAL_AUTHENTICATED_RID] = 'authenticated user';
421405
    $result = db_query("SELECT r.rid, r.name FROM {role} r INNER JOIN
{users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d", $user->uid);
431405
    while ($role = db_fetch_object($result)) {
441397
      $user->roles[$role->rid] = $role->name;
451397
    }
461405
  }
47
  // We didn't find the client's record (session has expired), or they are
an anonymous user.
48
  else {
49530
    $session = isset($user->session) ? $user->session : '';
50530
    $user = drupal_anonymous_user($session);
51
  }
52
531935
  return $user->session;
540
}
55
562027
function sess_write($key, $value) {
57421
  global $user;
58
59
  // If saving of session data is disabled or if the client doesn't have a
session,
60
  // and one isn't being created ($value), do nothing. This keeps crawlers
out of
61
  // the session table. This reduces memory and server load, and gives more
useful
62
  // statistics. We can't eliminate anonymous session table rows without
breaking
63
  // the "Who's Online" block.
64421
  if (!session_save_session() || (empty($_COOKIE[session_name()]) &&
empty($value))) {
650
    return TRUE;
660
  }
67
68421
  db_query("UPDATE {sessions} SET uid = %d, cache = %d, hostname = '%s',
session = '%s', timestamp = %d WHERE sid = '%s'", $user->uid,
isset($user->cache) ? $user->cache : '', ip_address(), $value, time(),
$key);
69421
  if (db_affected_rows()) {
70
    // Last access time is updated no more frequently than once every 180
seconds.
71
    // This reduces contention in the users table.
72420
    if ($user->uid && time() - $user->access >
variable_get('session_write_interval', 180)) {
739
      db_query("UPDATE {users} SET access = %d WHERE uid = %d", time(),
$user->uid);
749
    }
75420
  }
76
  else {
77
    // If this query fails, another parallel request probably got here
first.
78
    // In that case, any session data generated in this request is
discarded.
791
    @db_query("INSERT INTO {sessions} (sid, uid, cache, hostname, session,
timestamp) VALUES ('%s', %d, %d, '%s', '%s', %d)", $key, $user->uid,
isset($user->cache) ? $user->cache : '', ip_address(), $value, time());
80
  }
81
82421
  return TRUE;
830
}
84
85
/**
86
 * Called when an anonymous user becomes authenticated or vice-versa.
87
 */
882027
function sess_regenerate() {
89160
  $old_session_id = session_id();
90160
  session_regenerate_id();
91160
  db_query("UPDATE {sessions} SET sid = '%s' WHERE sid = '%s'",
session_id(), $old_session_id);
92160
}
93
94
/**
95
 * Counts how many users have sessions. Can count either anonymous
sessions, authenticated sessions, or both.
96
 *
97
 * @param int $timestamp
98
 *   A Unix timestamp representing a point of time in the past.
99
 *   The default is 0, which counts all existing sessions.
100
 * @param int $anonymous
101
 *   TRUE counts only anonymous users.
102
 *   FALSE counts only authenticated users.
103
 *   Any other value will return the count of both authenticated and
anonymous users.
104
 * @return  int
105
 *   The number of users with sessions.
106
 */
1072027
function sess_count($timestamp = 0, $anonymous = true) {
1080
  $query = $anonymous ? ' AND uid = 0' : ' AND uid > 0';
1090
  return db_result(db_query('SELECT COUNT(sid) AS count FROM {sessions}
WHERE timestamp >= %d' . $query, $timestamp));
1100
}
111
112
/**
113
 * Called by PHP session handling with the PHP session ID to end a user's
session.
114
 *
115
 * @param  string $sid
116
 *   the session id
117
 */
1182027
function sess_destroy_sid($sid) {
11983
  db_query("DELETE FROM {sessions} WHERE sid = '%s'", $sid);
12083
}
121
122
/**
123
 * End a specific user's session
124
 *
125
 * @param  string $uid
126
 *   the user id
127
 */
1282027
function sess_destroy_uid($uid) {
1293
  db_query('DELETE FROM {sessions} WHERE uid = %d', $uid);
1303
}
131
1322027
function sess_gc($lifetime) {
133
  // Be sure to adjust 'php_value session.gc_maxlifetime' to a large
enough
134
  // value. For example, if you want user sessions to stay in your
database
135
  // for three weeks before deleting them, you need to set gc_maxlifetime
136
  // to '1814400'. At that value, only after a user doesn't log in after
137
  // three weeks (1814400 seconds) will his/her session be removed.
1380
  db_query("DELETE FROM {sessions} WHERE timestamp < %d", time() -
$lifetime);
139
1400
  return TRUE;
1410
}
142
143
/**
144
 * Determine whether to save session data of the current request.
145
 *
146
 * This function allows the caller to temporarily disable writing of
session data,
147
 * should the request end while performing potentially dangerous
operations, such as
148
 * manipulating the global $user object.  See http://drupal.org/node/218104
for usage
149
 *
150
 * @param $status
151
 *   Disables writing of session data when FALSE, (re-)enables writing when
TRUE.
152
 * @return
153
 *   FALSE if writing session data has been disabled. Otherwise, TRUE.
154
 */
1552027
function session_save_session($status = NULL) {
156421
  static $save_session = TRUE;
157421
  if (isset($status)) {
1580
    $save_session = $status;
1590
  }
160421
  return ($save_session);
1610
}
1622027