discuz session mechanism_PHP tutorial

Php code
Explanation of SESSION mechanism in Discuz! X

As always in Discuz!

​You can see two SESSION tables in the database:
​ One is pre_common_adminsession, which is the SESSION table for the administrator to log in to the background;
The other is the pre_common_session table, which is the SESSION table for all users when they browse the page in the foreground.
Both tables are memory tables (the read and write speed of memory tables is much higher than that of MYISAM tables and text files).

In Discuz! Then the related function execution is triggered when browsing the page, and then written to the database SESSION table.

I will use the login process as an example to explain how the program is executed.
On the homepage of the front desk, after clicking Login, a login window will pop up. After filling in the data, submit it. The URL for form submission is:

1 http://ux.com/member.php?mod=logging&action=login&loginsubmit =yes&floatlogin=yes&inajax=1

The data is submitted to the member.php file, and the following code can be seen in the program:
01 $mod = !in_array($discuz->var['mod'], $modarray) ? 'logging' : $discuz->var['mod']; //The value of mod is what is loaded next php page
02 define('CURMODULE', $mod);
03 $modcachelist = array('register' => array('modreasons', 'stamptypeid', 'fields_required', 'fields_optional', 'ipctrl'));
04 $cachelist = array();
05 if(isset($modcachelist[CURMODULE])) {
06 $cachelist = $modcachelist[CURMODULE];
07 }
08 $discuz->cachelist = $cachelist;
09 $discuz->init();
10 runhooks();
11 require DISCUZ_ROOT.'./source/module/member/member_'.$mod.'.php'; //Complete the inclusion operation of the program

Open the source/module/member/member_logging.php file. It is a class. You can see the following three lines of code in front of the class:


$ctl_obj = new logging_ctl();
$method = 'on_'.$_G['gp_action']; // $_G['gp_action'] is equal to the value of action, which is login
$ctl_obj->$method(); //$ctl_obj->on_login();

The login method can be found in the class. In the method, about line 56, there is the following judgment statement:


if(!submitcheck('loginsubmit', 1, $seccodecheck)) {

The judgment statement is that when a visitor browses, the return value of the submitcheck function is false, and if it is inverted, it is true.
When the user logs in, the program goes through the else part, in which you can see the following five lines of code:


} else {
              $_G['uid'] = $_G['member']['uid'] = 0;
             $_G['username'] = $_G['member']['username'] = $_G['member']['password'] = ''; //Variable assignment
$result = userlogin($_G['gp_username'], $_G['gp_password'], $_G['gp_questionid'], $_G['gp_answer'], $_G['setting']['autoidselect'] ? 'auto' : $_G['gp_loginfield']); //Query user data from the database and return corresponding information
 
If($result['status'] > 0) { //The status value is greater than 0, indicating that this user can log in
setloginstatus($result['member'], $_G['gp_cookietime'] ? 2592000 : 0); //Set login status, that is, write COOKIE operation. The data in COOKIE is the corresponding data in SESSION, but this function Not responsible for writing SESSION

Let’s take a look at the setloginstatus function in source/function/function_login.php. It is an ordinary COOKIE writing operation and will not be explained in detail:


function setloginstatus($member, $cookietime) {
global $_G;
$_G['uid'] = $member['uid'];
$_G['username'] = $member['username'];
$_G['adminid'] = $member['adminid'];
$_G['groupid'] = $member['groupid'];
$_G['formhash'] = formhash();
$_G['session']['invisible'] = getuserprofile('invisible');
$_G['member'] = $member;
$_G['core']->session->isnew = 1;
 
dsetcookie('auth', authcode("{$member['password']}t{$member['uid']}", 'ENCODE'), $cookietime, 1, true); //authcode encryption
dsetcookie('loginuser');
dsetcookie('activationauth');
dsetcookie('pmnum');
}

It can be said that most of the login process has been completed at this point, but if the COOKIE is not cleared, it will always exist on the client. If it times out, the program will judge to discard this COOKIE and rewrite it.

Let’s take a look at the classes for SESSION operations in DZX, in the source/class/calss_core.php file:
Each request in the program will load SESSION, which is executed by the _init_session method in the core class discuz_core. This method is placed in the init method of the class, indicating that SESSION will be automatically written every time the class is loaded.


function _init_session() {

$this->session = new discuz_session(); //Create SESSION class

If($this->init_session) {
//Read data from COOKIE
$this->session->init($this->var['cookie']['sid'], $this->var['clientip'], $this->var['uid' ]);
           $this->var['sid'] = $this->session->sid;
          $this->var['session'] = $this->session->var;
//Determine whether the SIDs are equal or not, indicating that multiple users are logging into the website on the same host and need to rewrite the COOKIE
If($this->var['sid'] != $this->var['cookie']['sid']) {
            dsetcookie('sid', $this->var['sid'], 86400);
         } 

If($this->session->isnew) {
If(ipbanned($this->var['clientip'])) {
$this->session->set('groupid', 6);
                                                                                                                                               } 

If($this->session->get('groupid') == 6) {
$this->var['member']['groupid'] = 6;
              sysmessage('user_banned');
         } 
//UID is not empty, and the SESSION needs to be updated or the SESSION times out, the user status is changed, and the user needs to log in again
if($this->var['uid'] && ($this->session->isnew || ($this->session->get('lastactivity') + 600)
                  $this->session->set('lastactivity', TIMESTAMP);

$update = array('lastip' => $this->var['clientip'], 'lastactivity' => TIMESTAMP);
If($this->session->isnew) {
                    $update['lastvisit'] = TIMESTAMP;
                                                                                                                                                    DB::update('common_member_status', $update, "uid='".$this->var['uid']."'");
         } 

}  
}

The class that operates SESSION is discuz_session. Let’s look at the two methods in this class:


//This function is responsible for generating a new SESSION, but is not responsible for writing to the database
Function create($ip, $uid) {
//Create SESSION, perform data insertion, and generate a six-digit random number by a random function, which is the unique value of the session. The time is the current time, and the sid is the sid in the cookie
$this->isnew = true;
$this->var = $this->newguest;
          $this->set('sid', random(6));
          $this->set('uid', $uid);
          $this->set('ip', $ip);
           $this->set('lastactivity', time());
           $this->sid = $this->var['sid'];
 
          return $this->var;
}  
//This function is responsible for updating SESSION
function update() {
If($this->sid !== null) {
 
                 $data = daddslashes($this->var);
 
If($this->isnew) {
$this->delete();
                 DB::insert('common_session', $data, false, false, true);
                                                                            DB::update('common_session', $data, "sid='$data[sid]'");
                                                                                                                                                  dsetcookie('sid', $this->sid, 86400);
         } 
}  

So far we know the specific function of inserting SESSION into the database and its connection with COOKIE, but it is not clear how this operation is triggered.
Open the source/function/function_core.php file and find the function, updatesession. This function is responsible for updating SESSION:


function updatesession($force = false) {
 
global $_G;
​ static $updated = false;
If(!$updated) {
         $discuz = & discuz_core::instance();
foreach($discuz->session->var as $k => $v) {
If(isset($_G['member'][$k]) && $k != 'lastactivity') {
                      $discuz->session->set($k, $_G['member'][$k]);
                                                                                                                                               } 
 
foreach($_G['action'] as $k => $v) {
                  $discuz->session->set($k, $v);
         } 
 
$discuz->session->update();
 
         $updated = true;
}  
Return $updated;
}

When we search for this function in the program source code, we can see that the following code is found in many templates:


{eval updatesession();}

This function is triggered when the page is browsed and the SESSION is written to the database.

Organize your thoughts:
Step 1: The user logs in, and the program writes COOKIE to the client. These COOKIE are part of the SESSION data, such as SID, IP, and TIME, and do not include key information such as user name and password.
In the second step, after successful login, the program will automatically refresh the page and send another request to the server. The server loads the discuz_core core class and reads SESSION-related information from COOKIE, but it has not yet been written to the database.
In the third step, the core class loading is completed, the program continues to execute, and finally the template is loaded, the updatesession function is triggered, and the SESSION is written to the database.

Author "pz9042"

http://www.bkjia.com/PHPjc/478664.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/478664.htmlTechArticlePhp code The SESSION mechanism in Discuz! The SESSION mechanism that comes with PHP is a set of built-in mechanisms of the system. In the data...