/** * Refresh global user data following the actual session state. */ protected function updateUser() { global $user; $uid = $this->getSessionUid(); if (!empty($uid)) { $user = db_query("SELECT u.* FROM {users} u WHERE u.uid = :uid", array(':uid' => $uid))->fetchObject(); if (1 == $user->status) { $user->data = unserialize($user->data); $user->roles = array(); $user->roles[DRUPAL_AUTHENTICATED_RID] = 'authenticated user'; $user->roles += db_query("SELECT r.rid, r.name FROM {role} r INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = :uid", array(':uid' => $user->uid))->fetchAllKeyed(0, 1); } else { $user = drupal_anonymous_user(); } } else { $user = drupal_anonymous_user(); } // The 'session' attribute is an insanity and should be removed. $user->session = ''; $user->timestamp = REQUEST_TIME; // Avoid some PHP warnings with backends using it (mongodb module does // check it). Some backends may set this variable, if they keep it, some // other won't. if (!isset($user->cache)) { $user->cache = 0; } // Do not update access time more than once per 180 seconds. Also check // for an active database connection: actual core will have one, but in // the late future we may have session handling without database at all. if (!$this->userAccessUpdated && Database::isActiveConnection() && $user->uid && REQUEST_TIME - $user->access > variable_get('session_write_interval', 180)) { db_update('users')->fields(array('access' => REQUEST_TIME))->condition('uid', $user->uid)->execute(); $this->userAccessUpdated = TRUE; } }