function _sql_affected($sql) { _sql($sql); return _affectedrows(); }
/** * Create a new session * * If upon trying to start a session we discover there is nothing existing we * jump here. Additionally this method is called directly during login to regenerate * the session for the specific user. In this method we carry out a number of tasks; * garbage collection, (search)bot checking, banned user comparison. Basically * though this method will result in a new session for a specific user. */ function session_create($user_id = false, $update_page = true) { global $core; $this->data = w(); // Garbage collection ... remove old sessions updating user information // if necessary. It means (potentially) 11 queries but only infrequently if ($this->time > $core->v('session_last_gc') + $core->v('session_gc')) { $this->session_gc(); } // If we've been passed a user_id we'll grab data based on that if ($user_id !== false) { $this->cookie_data['u'] = $user_id; $sql = 'SELECT * FROM _members WHERE user_id = ? AND user_type <> ?'; $this->data = _fieldrow(sql_filter($sql, $this->cookie_data['u'], 2)); } // If no data was returned one or more of the following occured: // User does not exist // User is inactive // User is bot if (!count($this->data) || !is_array($this->data)) { $this->cookie_data['u'] = U_GUEST; $sql = 'SELECT * FROM _members WHERE user_id = ?'; $this->data = _fieldrow(sql_filter($sql, $this->cookie_data['u'])); } if ($this->data['user_id'] != U_GUEST) { $sql = 'SELECT session_time, session_id FROM _sessions WHERE session_user_id = ? ORDER BY session_time DESC LIMIT 1'; if ($sdata = _fieldrow(sql_filter($sql, $this->data['user_id']))) { $this->data = array_merge($sdata, $this->data); unset($sdata); $this->session_id = $this->data['session_id']; } $this->data['session_last_visit'] = isset($this->data['session_time']) && $this->data['session_time'] ? $this->data['session_time'] : ($this->data['user_lastvisit'] ? $this->data['user_lastvisit'] : $this->time); } else { $this->data['session_last_visit'] = $this->time; } // At this stage we should have a filled data array, defined cookie u and k data. // data array should contain recent session info if we're a real user and a recent // session exists in which case session_id will also be set // // Do away with ultimately? $this->data['is_member'] = $this->data['user_id'] != U_GUEST ? true : false; $this->data['is_founder'] = $this->data['user_id'] != U_GUEST && $this->data['user_type'] == U_FOUNDER ? true : false; $this->data['is_bot'] = false; // Create or update the session $sql_ary = array('session_user_id' => (int) $this->data['user_id'], 'session_start' => (int) $this->time, 'session_last_visit' => (int) $this->data['session_last_visit'], 'session_time' => (int) $this->time, 'session_browser' => (string) $this->browser, 'session_ip' => (string) $this->ip); if ($update_page) { $sql_ary['session_page'] = (string) $this->page; $this->data['session_page'] = $sql_ary['session_page']; } $sql = 'UPDATE _sessions SET ' . _build_array('UPDATE', $sql_ary) . sql_filter(' WHERE session_id = ?', $this->session_id); if (!$this->session_id || !_sql($sql) || !_affectedrows()) { $this->session_id = $this->data['session_id'] = md5(unique_id()); $sql_ary['session_id'] = (string) $this->session_id; $sql = 'INSERT INTO _sessions' . _build_array('INSERT', $sql_ary); _sql($sql); } $cookie_expire = $this->time + 31536000; $this->set_cookie('u', $this->cookie_data['u'], $cookie_expire); $this->set_cookie('sid', $this->session_id, 0); unset($cookie_expire); return true; }