123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535 |
- <?php
- function _drupal_session_open() {
- return TRUE;
- }
- function _drupal_session_close() {
- return TRUE;
- }
- function _drupal_session_read($sid) {
- global $user, $is_https;
-
-
-
-
- drupal_register_shutdown_function('session_write_close');
-
-
- $insecure_session_name = substr(session_name(), 1);
- if (empty($sid) || (!isset($_COOKIE[session_name()]) && !isset($_COOKIE[$insecure_session_name]))) {
- $user = drupal_anonymous_user();
- return '';
- }
-
-
-
-
- if ($is_https) {
- $user = db_query("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.ssid = :ssid", array(':ssid' => $sid))->fetchObject();
- if (!$user) {
- if (isset($_COOKIE[$insecure_session_name])) {
- $user = db_query("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = :sid AND s.uid = 0", array(
- ':sid' => $_COOKIE[$insecure_session_name]))
- ->fetchObject();
- }
- }
- }
- else {
- $user = db_query("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = :sid", array(':sid' => $sid))->fetchObject();
- }
-
-
- if ($user && $user->uid > 0 && $user->status == 1) {
-
- $user->data = unserialize($user->data);
-
- $user->roles = array();
- $user->roles[DRUPAL_AUTHENTICATED_RID] = 'authenticated user';
- $user->roles += db_query("SELECT r.rid, r.name FROM {role} r INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = :uid", array(':uid' => $user->uid))->fetchAllKeyed(0, 1);
- }
- elseif ($user) {
-
-
- $account = drupal_anonymous_user();
- $account->session = $user->session;
- $account->timestamp = $user->timestamp;
- $user = $account;
- }
- else {
-
- $user = drupal_anonymous_user();
- $user->session = '';
- }
-
- $last_read = &drupal_static('drupal_session_last_read');
- $last_read = array(
- 'sid' => $sid,
- 'value' => $user->session,
- );
- return $user->session;
- }
- function _drupal_session_write($sid, $value) {
- global $user, $is_https;
-
-
- try {
- if (!drupal_save_session()) {
-
- return TRUE;
- }
-
- $last_read = &drupal_static('drupal_session_last_read');
- $is_changed = !isset($last_read) || $last_read['sid'] != $sid || $last_read['value'] !== $value;
-
-
- if ($is_changed || !isset($user->timestamp) || REQUEST_TIME - $user->timestamp > variable_get('session_write_interval', 180)) {
-
- $fields = array(
- 'uid' => $user->uid,
- 'cache' => isset($user->cache) ? $user->cache : 0,
- 'hostname' => ip_address(),
- 'session' => $value,
- 'timestamp' => REQUEST_TIME,
- );
-
-
-
- $key = array('sid' => $sid, 'ssid' => '');
-
- if ($is_https) {
- $key['ssid'] = $sid;
-
-
-
- if (variable_get('https', FALSE)) {
- $insecure_session_name = substr(session_name(), 1);
- if (isset($_COOKIE[$insecure_session_name])) {
- $key['sid'] = $_COOKIE[$insecure_session_name];
- }
- }
- }
- elseif (variable_get('https', FALSE)) {
- unset($key['ssid']);
- }
- db_merge('sessions')
- ->key($key)
- ->fields($fields)
- ->execute();
- }
-
- if ($user->uid && REQUEST_TIME - $user->access > variable_get('session_write_interval', 180)) {
- db_update('users')
- ->fields(array(
- 'access' => REQUEST_TIME
- ))
- ->condition('uid', $user->uid)
- ->execute();
- }
- return TRUE;
- }
- catch (Exception $exception) {
- require_once DRUPAL_ROOT . '/includes/errors.inc';
-
-
- if (error_displayable()) {
- print '<h1>Uncaught exception thrown in session handler.</h1>';
- print '<p>' . _drupal_render_exception_safe($exception) . '</p><hr />';
- }
- return FALSE;
- }
- }
- function drupal_session_initialize() {
- global $user, $is_https;
- session_set_save_handler('_drupal_session_open', '_drupal_session_close', '_drupal_session_read', '_drupal_session_write', '_drupal_session_destroy', '_drupal_session_garbage_collection');
-
-
- if (!empty($_COOKIE[session_name()]) || ($is_https && variable_get('https', FALSE) && !empty($_COOKIE[substr(session_name(), 1)]))) {
-
-
-
-
- drupal_session_start();
- if (!empty($user->uid) || !empty($_SESSION)) {
- drupal_page_is_cacheable(FALSE);
- }
- }
- else {
-
-
-
-
- $GLOBALS['lazy_session'] = TRUE;
- $user = drupal_anonymous_user();
-
-
-
- session_id(drupal_random_key());
- if ($is_https && variable_get('https', FALSE)) {
- $insecure_session_name = substr(session_name(), 1);
- $session_id = drupal_random_key();
- $_COOKIE[$insecure_session_name] = $session_id;
- }
- }
- date_default_timezone_set(drupal_get_user_timezone());
- }
- function drupal_session_start() {
-
- if (!drupal_session_started() && !drupal_is_cli()) {
-
- $session_data = isset($_SESSION) ? $_SESSION : NULL;
- session_start();
- drupal_session_started(TRUE);
-
- if (!empty($session_data)) {
- $_SESSION += $session_data;
- }
- }
- }
- function drupal_session_commit() {
- global $user, $is_https;
- if (!drupal_save_session()) {
-
- return;
- }
- if (empty($user->uid) && empty($_SESSION)) {
-
-
- if (drupal_session_started()) {
- session_destroy();
- }
- }
- else {
-
-
- if (!drupal_session_started()) {
- drupal_session_start();
- if ($is_https && variable_get('https', FALSE)) {
- $insecure_session_name = substr(session_name(), 1);
- $params = session_get_cookie_params();
- $expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0;
- setcookie($insecure_session_name, $_COOKIE[$insecure_session_name], $expire, $params['path'], $params['domain'], FALSE, $params['httponly']);
- }
- }
-
- session_write_close();
- }
- }
- function drupal_session_started($set = NULL) {
- static $session_started = FALSE;
- if (isset($set)) {
- $session_started = $set;
- }
- return $session_started && session_id();
- }
- function drupal_session_regenerate() {
- global $user, $is_https;
-
- if (!drupal_save_session()) {
- return;
- }
- if ($is_https && variable_get('https', FALSE)) {
- $insecure_session_name = substr(session_name(), 1);
- if (!isset($GLOBALS['lazy_session']) && isset($_COOKIE[$insecure_session_name])) {
- $old_insecure_session_id = $_COOKIE[$insecure_session_name];
- }
- $params = session_get_cookie_params();
- $session_id = drupal_random_key();
-
-
-
- $expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0;
- setcookie($insecure_session_name, $session_id, $expire, $params['path'], $params['domain'], FALSE, $params['httponly']);
- $_COOKIE[$insecure_session_name] = $session_id;
- }
- if (drupal_session_started()) {
- $old_session_id = session_id();
- }
- session_id(drupal_random_key());
- if (isset($old_session_id)) {
- $params = session_get_cookie_params();
- $expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0;
- setcookie(session_name(), session_id(), $expire, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
- $fields = array('sid' => session_id());
- if ($is_https) {
- $fields['ssid'] = session_id();
-
-
- if (variable_get('https', FALSE)) {
- $fields['sid'] = $session_id;
- }
- }
- db_update('sessions')
- ->fields($fields)
- ->condition($is_https ? 'ssid' : 'sid', $old_session_id)
- ->execute();
- }
- elseif (isset($old_insecure_session_id)) {
-
-
-
- db_update('sessions')
- ->fields(array('sid' => $session_id, 'ssid' => session_id()))
- ->condition('sid', $old_insecure_session_id)
- ->execute();
- }
- else {
-
-
-
- $account = $user;
- drupal_session_start();
- $user = $account;
- }
- date_default_timezone_set(drupal_get_user_timezone());
- }
- function _drupal_session_destroy($sid) {
- global $user, $is_https;
-
- if (!drupal_save_session()) {
- return TRUE;
- }
-
- db_delete('sessions')
- ->condition($is_https ? 'ssid' : 'sid', $sid)
- ->execute();
-
-
- $_SESSION = array();
- $user = drupal_anonymous_user();
-
- _drupal_session_delete_cookie(session_name());
- if ($is_https) {
- _drupal_session_delete_cookie(substr(session_name(), 1), FALSE);
- }
- elseif (variable_get('https', FALSE)) {
- _drupal_session_delete_cookie('S' . session_name(), TRUE);
- }
- return TRUE;
- }
- function _drupal_session_delete_cookie($name, $secure = NULL) {
- global $is_https;
- if (isset($_COOKIE[$name]) || (!$is_https && $secure === TRUE)) {
- $params = session_get_cookie_params();
- if ($secure !== NULL) {
- $params['secure'] = $secure;
- }
- setcookie($name, '', REQUEST_TIME - 3600, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
- unset($_COOKIE[$name]);
- }
- }
- function drupal_session_destroy_uid($uid) {
-
- if (!drupal_save_session()) {
- return;
- }
- db_delete('sessions')
- ->condition('uid', $uid)
- ->execute();
- }
- function _drupal_session_garbage_collection($lifetime) {
-
-
-
-
-
- db_delete('sessions')
- ->condition('timestamp', REQUEST_TIME - $lifetime, '<')
- ->execute();
- return TRUE;
- }
- function drupal_save_session($status = NULL) {
-
-
-
- static $save_session = TRUE;
- if (isset($status)) {
- $save_session = $status;
- }
- return $save_session;
- }
|