function _sql_affected($sql)
{
_sql($sql);
return _affectedrows();
}
/**
* Create a new session
*
* If upon trying to start a session we discover there is nothing existing we
* jump here. Additionally this method is called directly during login to regenerate
* the session for the specific user. In this method we carry out a number of tasks;
* garbage collection, (search)bot checking, banned user comparison. Basically
* though this method will result in a new session for a specific user.
*/
function session_create($user_id = false, $update_page = true)
{
global $core;
$this->data = w();
// Garbage collection ... remove old sessions updating user information
// if necessary. It means (potentially) 11 queries but only infrequently
if ($this->time > $core->v('session_last_gc') + $core->v('session_gc')) {
$this->session_gc();
}
// If we've been passed a user_id we'll grab data based on that
if ($user_id !== false) {
$this->cookie_data['u'] = $user_id;
$sql = 'SELECT *
FROM _members
WHERE user_id = ?
AND user_type <> ?';
$this->data = _fieldrow(sql_filter($sql, $this->cookie_data['u'], 2));
}
// If no data was returned one or more of the following occured:
// User does not exist
// User is inactive
// User is bot
if (!count($this->data) || !is_array($this->data)) {
$this->cookie_data['u'] = U_GUEST;
$sql = 'SELECT *
FROM _members
WHERE user_id = ?';
$this->data = _fieldrow(sql_filter($sql, $this->cookie_data['u']));
}
if ($this->data['user_id'] != U_GUEST) {
$sql = 'SELECT session_time, session_id
FROM _sessions
WHERE session_user_id = ?
ORDER BY session_time DESC
LIMIT 1';
if ($sdata = _fieldrow(sql_filter($sql, $this->data['user_id']))) {
$this->data = array_merge($sdata, $this->data);
unset($sdata);
$this->session_id = $this->data['session_id'];
}
$this->data['session_last_visit'] = isset($this->data['session_time']) && $this->data['session_time'] ? $this->data['session_time'] : ($this->data['user_lastvisit'] ? $this->data['user_lastvisit'] : $this->time);
} else {
$this->data['session_last_visit'] = $this->time;
}
// At this stage we should have a filled data array, defined cookie u and k data.
// data array should contain recent session info if we're a real user and a recent
// session exists in which case session_id will also be set
//
// Do away with ultimately?
$this->data['is_member'] = $this->data['user_id'] != U_GUEST ? true : false;
$this->data['is_founder'] = $this->data['user_id'] != U_GUEST && $this->data['user_type'] == U_FOUNDER ? true : false;
$this->data['is_bot'] = false;
// Create or update the session
$sql_ary = array('session_user_id' => (int) $this->data['user_id'], 'session_start' => (int) $this->time, 'session_last_visit' => (int) $this->data['session_last_visit'], 'session_time' => (int) $this->time, 'session_browser' => (string) $this->browser, 'session_ip' => (string) $this->ip);
if ($update_page) {
$sql_ary['session_page'] = (string) $this->page;
$this->data['session_page'] = $sql_ary['session_page'];
}
$sql = 'UPDATE _sessions SET ' . _build_array('UPDATE', $sql_ary) . sql_filter('
WHERE session_id = ?', $this->session_id);
if (!$this->session_id || !_sql($sql) || !_affectedrows()) {
$this->session_id = $this->data['session_id'] = md5(unique_id());
$sql_ary['session_id'] = (string) $this->session_id;
$sql = 'INSERT INTO _sessions' . _build_array('INSERT', $sql_ary);
_sql($sql);
}
$cookie_expire = $this->time + 31536000;
$this->set_cookie('u', $this->cookie_data['u'], $cookie_expire);
$this->set_cookie('sid', $this->session_id, 0);
unset($cookie_expire);
return true;
}
