/** * @see SessionFactory::create() */ public function create() { // get spider information $spider = $this->isSpider(UserUtil::getUserAgent()); if ($spider) { if (($session = $this->getExistingSpiderSession($spider['spiderID'])) !== null) { if (!$session->isCorrupt()) { return $session; } } } // create new session hash $sessionID = StringUtil::getRandomID(); // check cookies for userID & password require_once WCF_DIR . 'lib/system/auth/UserAuth.class.php'; $user = UserAuth::getInstance()->loginAutomatically(true, $this->userClassName); if ($user === null) { // no valid user found // create guest user $user = new $this->guestClassName(); } // update user session $user->update(); if ($user->userID != 0) { // user is no guest // delete all other sessions of this user Session::deleteSessions($user->userID, true, false); } $requestMethod = !empty($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : ''; // insert session into database $sql = "INSERT INTO \twcf" . WCF_N . "_session\n\t\t\t\t\t(sessionID, packageID, userID, ipAddress, userAgent,\n\t\t\t\t\tlastActivityTime, requestURI, requestMethod,\n\t\t\t\t\tusername" . ($spider ? ", spiderID" : "") . ")\n\t\t\tVALUES\t\t('" . $sessionID . "',\n\t\t\t\t\t" . PACKAGE_ID . ",\n\t\t\t\t\t" . $user->userID . ",\n\t\t\t\t\t'" . escapeString(UserUtil::getIpAddress()) . "',\n\t\t\t\t\t'" . escapeString(UserUtil::getUserAgent()) . "',\n\t\t\t\t\t" . TIME_NOW . ",\n\t\t\t\t\t'" . escapeString(UserUtil::getRequestURI()) . "',\n\t\t\t\t\t'" . escapeString($requestMethod) . "',\n\t\t\t\t\t'" . ($spider ? escapeString($spider['spiderName']) : escapeString($user->username)) . "'\n\t\t\t\t\t" . ($spider ? ", " . $spider['spiderID'] : "") . ")"; WCF::getDB()->sendQuery($sql); // save user data $serializedUserData = ''; if (ENABLE_SESSION_DATA_CACHE && get_class(WCF::getCache()->getCacheSource()) == 'MemcacheCacheSource') { require_once WCF_DIR . 'lib/system/cache/source/MemcacheAdapter.class.php'; MemcacheAdapter::getInstance()->getMemcache()->set('session_userdata_-' . $sessionID, $user); } else { $serializedUserData = serialize($user); try { $sql = "INSERT INTO \twcf" . WCF_N . "_session_data\n\t\t\t\t\t\t\t(sessionID, userData)\n\t\t\t\t\tVALUES \t\t('" . $sessionID . "',\n\t\t\t\t\t\t\t'" . escapeString($serializedUserData) . "')"; WCF::getDB()->sendQuery($sql); } catch (DatabaseException $e) { // horizon update workaround $sql = "UPDATE \twcf" . WCF_N . "_session\n\t\t\t\t\tSET\tuserData = '" . escapeString($serializedUserData) . "'\n\t\t\t\t\tWHERE\tsessionID = '" . $sessionID . "'"; WCF::getDB()->sendQuery($sql); } } // return new session object return new $this->sessionClassName(null, array('sessionID' => $sessionID, 'packageID' => PACKAGE_ID, 'userID' => $user->userID, 'ipAddress' => UserUtil::getIpAddress(), 'userAgent' => UserUtil::getUserAgent(), 'lastActivityTime' => TIME_NOW, 'requestURI' => UserUtil::getRequestURI(), 'requestMethod' => $requestMethod, 'userData' => $serializedUserData, 'sessionVariables' => '', 'username' => $spider ? $spider['spiderName'] : $user->username, 'spiderID' => $spider ? $spider['spiderID'] : 0, 'isNew' => true)); }
/** * Deletes users. * Returns the number of deleted users. * * @param array $userIDs * @return integer */ public static function deleteUsers($userIDs) { if (count($userIDs) == 0) { return 0; } $userIDsStr = implode(',', $userIDs); // delete options from this user $sql = "DELETE \tFROM wcf" . WCF_N . "_user_option_value\n\t\t\tWHERE \tuserID IN (" . $userIDsStr . ")"; WCF::getDB()->sendQuery($sql); // delete user from user table $sql = "DELETE \tFROM wcf" . WCF_N . "_user\n\t\t\tWHERE \tuserID IN (" . $userIDsStr . ")"; WCF::getDB()->sendQuery($sql); // delete user to groups $sql = "DELETE \tFROM wcf" . WCF_N . "_user_to_groups\n\t\t\tWHERE \tuserID IN (" . $userIDsStr . ")"; WCF::getDB()->sendQuery($sql); // delete user to languages $sql = "DELETE \tFROM wcf" . WCF_N . "_user_to_languages\n\t\t\tWHERE \tuserID IN (" . $userIDsStr . ")"; WCF::getDB()->sendQuery($sql); // delete sessions Session::deleteSessions($userIDs); return count($userIDs); }