Index: includes/session.inc =================================================================== RCS file: /cvs/drupal/drupal/includes/session.inc,v retrieving revision 1.28 diff -u -F^f -r1.28 session.inc --- includes/session.inc 7 May 2006 00:08:36 -0000 1.28 +++ includes/session.inc 15 Aug 2006 07:34:36 -0000 @@ -74,8 +74,29 @@ function sess_write($key, $value) { return TRUE; } -function sess_destroy($key) { - db_query("DELETE FROM {sessions} WHERE sid = '%s'", $key); +/** + * Called by PHP session handling with the PHP session ID to end a user's session. + * Can also be called directly, either with the PHP session ID or another identifier + * such as uid to end a specific user's session. + * + * @param string $key + * @param string $type + * Possible values: + * sid (default): the PHP session id + * uid: the Drupal user id + * hostname: a hostname (usually an IP address) + */ +function sess_destroy($key, $type = 'sid') { + // validate $type stringently to avoid all chance of SQL injection + switch ($type) { + case 'sid': + case 'uid': + case 'hostname': + break; + default: + $type = 'sid'; + } + db_query('DELETE FROM {sessions} WHERE '. $type. " = '%s'", $key); } function sess_gc($lifetime) { @@ -89,3 +110,30 @@ function sess_gc($lifetime) { return TRUE; } +/** + * Called when an anonymous user becomes an authenticated or vise-versa. + */ +function sess_regenerate() { + $old_session_id = session_id(); + session_regenerate_id(); + db_query("UPDATE {sessions} SET sid = '%s' WHERE sid = '%s'", session_id(), $old_session_id); +} + +/** + * Counts how many users have sessions. Can count either anonymous sessions, authenticated sessions, or both. + * + * @param int $timestamp + * A Unix timestamp representing a point of time in the past. + * The default is 0, which counts all existing sessions. + * @param int $anonymous + * true for anonymous users. + * false for authenticated users. + * Any other value will return the count of both authenticated and anonymous users. + * @return int + * The number of users with sessions. + */ +function drupal_count_sessions($timestamp = 0, $anonymous = true) { + $query = ($anonymous) ? ' AND uid = 0' : ' AND uid > 0'; + $result = db_fetch_object(db_query('SELECT COUNT(sid) AS count FROM {sessions} WHERE timestamp >= %d'. $query, $time_period)); + return $result->count; +} Index: modules/user/user.module =================================================================== RCS file: /cvs/drupal/drupal/modules/user/user.module,v retrieving revision 1.653 diff -u -F^f -r1.653 user.module --- modules/user/user.module 14 Aug 2006 20:35:11 -0000 1.653 +++ modules/user/user.module 15 Aug 2006 07:34:37 -0000 @@ -148,7 +148,7 @@ function user_save($account, $array = ar // Delete a blocked user's sessions to kick them if they are online. if (isset($array['status']) && $array['status'] == 0) { - db_query('DELETE FROM {sessions} WHERE uid = %d', $account->uid); + sess_destroy($account->uid, 'uid'); } // Refresh user object @@ -553,19 +553,19 @@ function user_block($op = 'list', $delta case 3: if (user_access('access content')) { // Count users with activity in the past defined period. - $time_period = variable_get('user_block_seconds_online', 900); + $time_period = time() - variable_get('user_block_seconds_online', 900); // Perform database queries to gather online user lists. - $guests = db_fetch_object(db_query('SELECT COUNT(sid) AS count FROM {sessions} WHERE timestamp >= %d AND uid = 0', time() - $time_period)); - $users = db_query('SELECT uid, name, access FROM {users} WHERE access >= %d AND uid != 0 ORDER BY access DESC', time() - $time_period); + $guests = drupal_count_sessions($time_period); + $users = db_query('SELECT uid, name, access FROM {users} WHERE access >= %d AND uid != 0 ORDER BY access DESC', $time_period); $total_users = db_num_rows($users); // Format the output with proper grammar. - if ($total_users == 1 && $guests->count == 1) { - $output = t('There is currently %members and %visitors online.', array('%members' => format_plural($total_users, '1 user', '%count users'), '%visitors' => format_plural($guests->count, '1 guest', '%count guests'))); + if ($total_users == 1 && $guests == 1) { + $output = t('There is currently %members and %visitors online.', array('%members' => format_plural($total_users, '1 user', '%count users'), '%visitors' => format_plural($guests, '1 guest', '%count guests'))); } else { - $output = t('There are currently %members and %visitors online.', array('%members' => format_plural($total_users, '1 user', '%count users'), '%visitors' => format_plural($guests->count, '1 guest', '%count guests'))); + $output = t('There are currently %members and %visitors online.', array('%members' => format_plural($total_users, '1 user', '%count users'), '%visitors' => format_plural($guests, '1 guest', '%count guests'))); } // Display a list of currently online users. @@ -922,10 +922,7 @@ function user_login_submit($form_id, $fo user_module_invoke('login', $form_values, $user); - $old_session_id = session_id(); - session_regenerate_id(); - db_query("UPDATE {sessions} SET sid = '%s' WHERE sid = '%s'", session_id(), $old_session_id); - + sess_regenerate(); } } @@ -1419,8 +1416,8 @@ function user_edit($category = 'account' */ function user_delete($edit, $uid) { $account = user_load(array('uid' => $uid)); + sess_destroy($uid, 'uid'); db_query('DELETE FROM {users} WHERE uid = %d', $uid); - db_query('DELETE FROM {sessions} WHERE uid = %d', $uid); db_query('DELETE FROM {users_roles} WHERE uid = %d', $uid); db_query('DELETE FROM {authmap} WHERE uid = %d', $uid); $array = array('%name' => theme('placeholder', $account->name), '%email' => theme('placeholder', '<'. $account->mail .'>'));