base.includes.session

1 #!/usr/bin/env python 2 # $Id: session.inc,v 1.50 2008/08/12 10:28:33 dries Exp $ 3 4 """ 5 User session handling functions. 6 7 @package includes 8 @see <a href='http://drupy.net'>Drupy Homepage</a> 9 @see <a href='http://drupal.org'>Drupal Homepage</a> 10 @note Drupy is a port of the Drupal project. 11 @note This file was ported from Drupal's includes/session.inc 12 @author Brendon Crawford 13 @copyright 2008 Brendon Crawford 14 @contact message144 at users dot sourceforge dot net 15 @created 2008-05-25 16 @version 0.1 17 @note License: 18 19 This program is free software; you can redistribute it and/or 20 modify it under the terms of the GNU General Public License 21 as published by the Free Software Foundation; either version 2 22 of the License, or (at your option) any later version. 23 24 This program is distributed in the hope that it will be useful, 25 but WITHOUT ANY WARRANTY; without even the implied warranty of 26 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 27 GNU General Public License for more details. 28 29 You should have received a copy of the GNU General Public License 30 along with this program; if not, write to: 31 32 The Free Software Foundation, Inc., 33 51 Franklin Street, Fifth Floor, 34 Boston, MA 02110-1301, 35 USA 36 """ 37 38 __version__ = "$Revision: 1 $" 39 40 from lib.drupy import DrupyPHP as php 41

42 -def open_(save_path, session_name):

43 return True

44

45 -def close():

46 return True

47

48 -def read(key):

49 # Write and Close handlers are called after destructing objects 50 # since PHP 5.0.5 51 # Thus destructors can use sessions but session handler can't use objects. 52 # So we are moving session closure before destructing objects. 53 register_shutdown_function('session_write_close') 54 # Handle the case of first time visitors and clients that don't 55 # store cookies (eg. web crawlers). 56 if (not php.isset(_COOKIE, php.session_name())): 57 lib_appglobals.user = drupal_anonymous_user() 58 return '' 59 # Otherwise, if the session is still active, we have a record of 60 # the client's session in the database. 61 lib_appglobals.user = \ 62 db_fetch_object(db_query("SELECT u.*, s.* FROM {users} u " + \ 63 "INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = '%s'", key)) 64 # We found the client's session record and they are an authenticated user 65 if (lib_appglobals.user and lib_appglobals.user.uid > 0): 66 # This is done to unserialize the data member of user 67 lib_appglobals.user = drupal_unpack(lib_appglobals.user) 68 # Add roles element to user 69 lib_appglobals.user.roles = array() 70 lib_appglobals.user.roles[DRUPAL_AUTHENTICATED_RID] = 'authenticated user' 71 result = db_query("SELECT r.rid, r.name FROM {role} r " + 72 "INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d", \ 73 lib_appglobals.user.uid) 74 while True: 75 role = db_fetch_object(result) 76 if role == None: 77 break 78 lib_appglobals.user.roles[role.rid] = role.name 79 # We didn't find the client's record (session has expired), 80 # or they are an anonymous user. 81 else: 82 session = (lib_appglobals.user.session if \ 83 php.isset(lib_appglobals.user.session) else '') 84 lib_appglobals.user = drupal_anonymous_user(session) 85 return lib_appglobals.user.session

86 87 88

89 -def write(key, value):

90 # If saving of session data is disabled or if the client 91 # doesn't have a session, 92 # and one isn't being created ($value), do nothing. 93 # This keeps crawlers out of 94 # the session table. This reduces memory and server load, 95 # and gives more useful 96 # statistics. We can't eliminate anonymous session table rows 97 # without breaking 98 # the "Who's Online" block. 99 if (not session_save_session() or \ 100 (php.empty(php.COOKIE[php.session_name()]) and php.empty(value))): 101 return True 102 result = db_result(db_query("SELECT COUNT(*) FROM {sessions} " + \ 103 "WHERE sid = '%s'", key)) 104 lib_database.query(\ 105 "UPDATE {sessions} SET " + \ 106 "uid = %d, cache = %d, hostname = '%s', " + \ 107 "session = '%s', timestamp = %d WHERE sid = '%s'", \ 108 lib_appglobals.user.uid, (lib_appglobals.user.cache if \ 109 php.isset(lib_appglobals.user.cache) else ''), \ 110 ip_address(), value, php.time_(), key) 111 if (lib_database.affected_rows()): 112 # Last access time is updated no more frequently than once 113 # every 180 seconds. 114 # This reduces contention in the users table. 115 if (lib_appglobals.user.uid and \ 116 drupy_time() - lib_appglobals.user.access > \ 117 variable_get('session_write_interval', 180)): 118 db_query("UPDATE {users} SET access = %d WHERE uid = %d", \ 119 php.time_(), lib_appglobals.user.uid) 120 else: 121 # If this query fails, another parallel request probably got here first. 122 # In that case, any session data generated in this request is discarded. 123 lib_databae.query(\ 124 "INSERT INTO {sessions} " + \ 125 "(sid, uid, cache, hostname, session, timestamp) " + \ 126 "VALUES ('%s', %d, %d, '%s', '%s', %d)", \ 127 key, lib_appglobals.user.uid, (lib_appglobals.user.cache if \ 128 php.isset(lib_appglobals.user.cache) else ''), \ 129 ip_address(), value, php.time_()) 130 return True

131 132 133

134 -def regenerate():

135 """ 136 Called when an anonymous user becomes authenticated or vice-versa. 137 """ 138 old_session_id = session_id() 139 session_regenerate_id() 140 db_query("UPDATE {sessions} SET sid = '%s' WHERE sid = '%s'", \ 141 session_id(), old_session_id)

142 143

144 -def count(timestamp = 0, anonymous = True):

145 """ 146 Counts how many users have sessions. Can count either anonymous 147 sessions, authenticated sessions, or both. 148 149 @param int timestamp 150 A Unix timestamp representing a point of time in the past. 151 The default is 0, which counts all existing sessions. 152 @param boolean anonymous 153 True counts only anonymous users. 154 False counts only authenticated users. 155 @return int 156 The number of users with sessions. 157 """ 158 query = (' AND uid = 0' if anonymous else ' AND uid > 0') 159 return db_result(db_query('SELECT COUNT(sid) AS count FROM {sessions} ' + \ 160 'WHERE timestamp >= %d' + query, timestamp))

161 162

163 -def destroy_sid(sid):

164 """ 165 Called by PHP session handling with the PHP session ID to 166 end a user's session. 167 168 @param string sid 169 the session id 170 """ 171 db_query("DELETE FROM {sessions} WHERE sid = '%s'", sid)

172 173 174

175 -def destroy_uid(uid):

176 """ 177 End a specific user's session 178 179 @param string uid 180 the user id 181 """ 182 db_query('DELETE FROM {sessions} WHERE uid = %d', uid)

183 184 185 186

187 -def gc(lifetime):

188 # Be sure to adjust 'php_value session.gc_maxlifetime' to a large enough 189 # value. For example, if you want user sessions to stay in your database 190 # for three weeks before deleting them, you need to set gc_maxlifetime 191 # to '1814400'. At that value, only after a user doesn't log in after 192 # three weeks (1814400 seconds) will his/her session be removed. 193 db_query("DELETE FROM {sessions} WHERE timestamp < %d", time() - lifetime) 194 return True

195 196 197

198 -def save_session(status = None):

199 """ 200 Determine whether to save session data of the current request. 201 202 This function allows the caller to temporarily disable 203 writing of session data, 204 should the request end while performing potentially dangerous 205 operations, such as 206 manipulating the global user object. 207 See http://drupal.org/node/218104 for usage 208 209 @param status 210 Disables writing of session data when False, 211 (re-)enables writing when True. 212 @return 213 False if writing session data has been disabled. Otherwise, True. 214 """ 215 php.static(session_save_session, 'save_session', True) 216 if status != None: 217 session_save_session.save_session = status 218 return session_save_session.save_session

219 220 # 221 # Aliases 222 # 223 name = php.session_name 224

Source Code for Module base.includes.session