=== added file '.bzrignore' --- /dev/null +++ .bzrignore @@ -0,0 +1,2 @@ +127.0.0.1/ +127.0.0.1 === modified file 'includes/session.inc' --- includes/session.inc +++ includes/session.inc @@ -74,8 +74,24 @@ function sess_write($key, $value) { return TRUE; } -function sess_destroy($key) { - db_query("DELETE FROM {sessions} WHERE sid = '%s'", $key); +/** + * Called by PHP session handling with the PHP session ID to end a user's session. + * Can also be called directly, either with the PHP session ID or another identifier + * such as uid to end a specific user's session. + * + * @param string $key + * @param string $type + * Possible values: + * sid (default): the PHP session id + * uid: the Drupal user id + * hostname: a hostname (usually an IP address) + */ +function sess_destroy($key, $type = 'sid') { + // validate $type stringently to avoid all chance of SQL injection + if (!in_array($type, array('sid', 'uid', 'hostname'))) { + $type = 'sid'; + } + db_query('DELETE FROM {sessions} WHERE '. $type. " = '%s'", $key); } function sess_gc($lifetime) { 
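Review bot: The whitelist in `sess_destroy` relies on a loose `in_array()`, so in PHP 5 an integer `0` passed as `$type` compares equal to `'sid'`, passes the check, and yields `WHERE 0 = '...'`, which on MySQL is true for any non-numeric key and would delete far more than one session; the comment's "validate stringently" is not what the code does. Use strict comparison and refuse unknown types rather than silently substituting `'sid'`, which turns a wrong call into a misdirected delete: `if (!in_array($type, array('sid', 'uid', 'hostname'), TRUE)) { return FALSE; }`. Every caller in this diff passes a literal string, so this is hardening against programmer error rather than an exploitable path. Note also that a `uid` key is bound through the quoted `'%s'` placeholder, whereas the removed callers used `%d`; casting to `(int)` when `$type` is `'uid'` would keep the comparison numeric.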
@@ -89,3 +105,30 @@ function sess_gc($lifetime) { return TRUE; } +/** + * Called when an anonymous user becomes authenticated or vice-versa. + */ +function sess_regenerate() { + $old_session_id = session_id(); + session_regenerate_id(); + db_query("UPDATE {sessions} SET sid = '%s' WHERE sid = '%s'", session_id(), $old_session_id); +} + +/** + * Counts how many users have sessions. Can count either anonymous sessions, authenticated sessions, or both. + * + * @param int $timestamp + * A Unix timestamp representing a point of time in the past. + * The default is 0, which counts all existing sessions. + * @param int $anonymous + * TRUE counts only anonymous users. + * FALSE counts only authenticated users. + * Any other value will return the count of both authenticated and anonymous users. + * @return int + * The number of users with sessions. + */ +function drupal_count_sessions($timestamp = 0, $anonymous = true) { + $query = ($anonymous) ? ' AND uid = 0' : ' AND uid > 0'; + $result = db_fetch_object(db_query('SELECT COUNT(sid) AS count FROM {sessions} WHERE timestamp >= %d'. $query, $time_period)); + return $result->count; +} === modified file 'modules/throttle/throttle.module' --- modules/throttle/throttle.module +++ modules/throttle/throttle.module 
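Review bot: `drupal_count_sessions` passes `$time_period` to the `timestamp >= %d` query, but no such variable exists in the function — the parameter is `$timestamp` — so the cutoff is always 0 and the caller's time window is ignored, which inflates both the throttle counts and the online-users block. Change the bound argument to the parameter: `$result = db_fetch_object(db_query('SELECT COUNT(sid) AS count FROM {sessions} WHERE timestamp >= %d'. $query, $timestamp));`. The docblock also promises that any value other than TRUE/FALSE for `$anonymous` counts both groups, yet the ternary has only two branches; either drop that sentence or add the third branch. Authenticated users are counted per session row (`COUNT(sid)`), which differs from the `COUNT(DISTINCT(uid))` the throttle previously used, so a distinct-uid variant for the authenticated case may be wanted.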
@@ -62,13 +62,13 @@ function throttle_exit() { $throttle = module_invoke('throttle', 'status'); if ($max_guests = variable_get('throttle_anonymous', 0)) { - $guests = db_result(db_query('SELECT COUNT(sid) AS count FROM {sessions} WHERE timestamp >= %d AND uid = 0', time() - $time_period)); + $guests = drupal_count_sessions(time()-$time_period, TRUE); } else { $guests = 0; } if ($max_users = variable_get('throttle_user', 0)) { - $users = db_result(db_query('SELECT COUNT(DISTINCT(uid)) AS count FROM {sessions} WHERE timestamp >= %d AND uid != 0', time() - $time_period)); + $users = drupal_count_sessions(time()-$time_period, FALSE); } else { $users = 0; === modified file 'modules/user/user.module' --- modules/user/user.module +++ modules/user/user.module @@ -148,7 +148,7 @@ function user_save($account, $array = ar // Delete a blocked user's sessions to kick them if they are online. if (isset($array['status']) && $array['status'] == 0) { - db_query('DELETE FROM {sessions} WHERE uid = %d', $account->uid); + sess_destroy($account->uid, 'uid'); } // Refresh user object 
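Review bot: Replacing the `COUNT(DISTINCT(uid))` query with `drupal_count_sessions(time()-$time_period, FALSE)` changes what `$users` measures: the helper counts session rows with `uid > 0`, so one account logged in from several browsers or devices now counts several times and can trip `throttle_user` before the configured number of distinct users is reached. Either keep the distinct-uid query at this call site or give the helper a distinct count for the authenticated case. `$time_period` and the start of `throttle_exit` lie outside this hunk, so I cannot confirm how the period is derived.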
@@ -553,19 +553,19 @@ function user_block($op = 'list', $delta case 3: if (user_access('access content')) { // Count users with activity in the past defined period. - $time_period = variable_get('user_block_seconds_online', 900); + $time_period = time() - variable_get('user_block_seconds_online', 900); // Perform database queries to gather online user lists. - $guests = db_fetch_object(db_query('SELECT COUNT(sid) AS count FROM {sessions} WHERE timestamp >= %d AND uid = 0', time() - $time_period)); - $users = db_query('SELECT uid, name, access FROM {users} WHERE access >= %d AND uid != 0 ORDER BY access DESC', time() - $time_period); + $guests = drupal_count_sessions($time_period); + $users = db_query('SELECT uid, name, access FROM {users} WHERE access >= %d AND uid != 0 ORDER BY access DESC', $time_period); $total_users = db_num_rows($users); // Format the output with proper grammar. - if ($total_users == 1 && $guests->count == 1) { - $output = t('There is currently %members and %visitors online.', array('%members' => format_plural($total_users, '1 user', '%count users'), '%visitors' => format_plural($guests->count, '1 guest', '%count guests'))); + if ($total_users == 1 && $guests == 1) { + $output = t('There is currently %members and %visitors online.', array('%members' => format_plural($total_users, '1 user', '%count users'), '%visitors' => format_plural($guests, '1 guest', '%count guests'))); } else { - $output = t('There are currently %members and %visitors online.', array('%members' => format_plural($total_users, '1 user', '%count users'), '%visitors' => format_plural($guests->count, '1 guest', '%count guests'))); + $output = t('There are currently %members and %visitors online.', array('%members' => format_plural($total_users, '1 user', '%count users'), '%visitors' => format_plural($guests, '1 guest', '%count guests'))); } // Display a list of currently online users. 
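Review bot: `$time_period` now holds an absolute cutoff timestamp (`time() - …`) while keeping a name that says it is a duration, and the comment above it still reads "Count users with activity in the past defined period"; renaming makes both later uses read correctly: `$cutoff = time() - variable_get('user_block_seconds_online', 900);`, `$guests = drupal_count_sessions($cutoff);`, `$users = db_query('SELECT uid, name, access FROM {users} WHERE access >= %d AND uid != 0 ORDER BY access DESC', $cutoff);`. The `$guests` comparison against `1` is consistent with the helper returning an integer, assuming the helper's cutoff argument is actually applied. The enclosing `user_block` starts and ends outside this hunk.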
@@ -922,10 +922,7 @@ function user_login_submit($form_id, $fo user_module_invoke('login', $form_values, $user); - $old_session_id = session_id(); - session_regenerate_id(); - db_query("UPDATE {sessions} SET sid = '%s' WHERE sid = '%s'", session_id(), $old_session_id); - + sess_regenerate(); } } @@ -1419,8 +1416,8 @@ function user_edit($category = 'account' */ function user_delete($edit, $uid) { $account = user_load(array('uid' => $uid)); + sess_destroy($uid, 'uid'); db_query('DELETE FROM {users} WHERE uid = %d', $uid); - db_query('DELETE FROM {sessions} WHERE uid = %d', $uid); db_query('DELETE FROM {users_roles} WHERE uid = %d', $uid); db_query('DELETE FROM {authmap} WHERE uid = %d', $uid); $array = array('%name' => theme('placeholder', $account->name), '%email' => theme('placeholder', '<'. $account->mail .'>'));
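Review bot: `sess_regenerate()` runs after `user_module_invoke('login', …)`, so any hook_user('login') implementation that records `session_id()` captures the pre-rotation id that is about to be retired; if that ordering is not deliberate, move `sess_regenerate();` ahead of the invoke. The helper's docblock says it is also called when a user becomes anonymous, but this diff only wires the login path; the logout side is not visible here and should be checked, since fixation protection depends on rotating the id on both transitions. `user_login_submit` starts outside the hunk.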
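Review bot: `$uid` is passed to `sess_destroy($uid, 'uid')` uncast, and the helper binds every key through the quoted `'%s'` placeholder, so the query becomes `uid = '<string>'` where the removed line used `%d`; escaping rules out injection, but `sess_destroy((int) $uid, 'uid');` keeps the comparison numeric and matches the old behaviour for non-numeric input. Moving the session purge ahead of the `{users}` delete is fine, as the two statements are independent.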