discuz! Example of _php in X session mechanism

The example of this article tells the discuz! The session mechanism in X. Share to everyone for your reference. Specifically as follows:

In discuz! X in always, the session does not use PHP's own session mechanism, but the system's set of self-contained mechanism.

You can see two session tables in the database:
One is pre_common_adminsession, is the administrator login backstage session table;
The other is the Pre_common_session table, which is the session table for all users when browsing the page in the foreground.
Both tables are memory tables (the memory table reads and writes much faster than MYISAM tables and text files).

In discuz! The session in X is inseparable from the cookie because the session is a cookie that is read from the client.
The related function is then executed by the time the page is browsed, and then written to the database session table.

I use the login process as an example to explain how the program is implemented in particular.
At the front page, click Login, pop up a login window, fill out the data, submit. The URL for the form form submission is:

Copy Code code as follows:

<a href= "http://ux.com/member.php?mod=logging&action=login&loginsubmit=yes&floatlogin=yes& Inajax=1 ">http://ux.com/member.php?mod=logging&action=login&loginsubmit=yes&floatlogin=yes& Inajax=1</a>

The data is submitted to the member.php file, and the following code is visible in the program:

$mod =!in_array ($discuz->var[' mod '), $modarray)? ' Logging ': $discuz->var[' mod ']; MoD's value is the next loaded PHP page
define (' Curmodule ', $mod);
$modcachelist = Array (' register ' => Array (' modreasons ', ' Stamptypeid ', ' fields_required ', ' fields_optional ', ' Ipctrl '));
$cachelist = Array ();
if (Isset ($modcachelist [Curmodule])) {
 $cachelist = $modcachelist [Curmodule];
}
$discuz->cachelist = $cachelist;
$discuz->init ();
Runhooks ();
Require Discuz_root. '. /source/module/member/member_ '. $mod. PHP '; Completing a program's include operation

Open the source/module/member/member_logging.php file, a class that sees the following three lines of code in front of the class:

$ctl _obj = new Logging_ctl (); 
$method = ' on_ '. $_g[' gp_action ']; $_g[' gp_action ' equals the value of the action, which is login 
$ctl _obj-> $method ();//$ctl _obj->on_login (); 

The login method can be found in the class, and in the method, approximately 56 rows have one of the following judgment statements:

if (!submitcheck (' Loginsubmit ', 1, $seccodecheck)) {
//The judgment statement is when the visitor browses, the return value of the Submitcheck function is false, take counter, be true.
//When the user logs in, the program goes to the Else section, where you can see the following five code:
} else { 
 $_g[' uid '] = $_g[' member ' [' uid '] = 0; 
 $_g[' username '] = $_g[' member ' [' username '] = $_g[' member ' [' password '] = '; Variable assignment 
 $result = userlogin ($_g[' gp_username '), $_g[' Gp_password '], $_g[' Gp_questionid '], $_g[' gp_answer ', $_g[' Setting ' [' Autoidselect ']? ' Auto ': $_g[' Gp_loginfield ']); Query the user data from the database and return the appropriate information 
 if ($result [' status '] > 0) {//The status value is greater than 0, indicating that there is this user, you can login to 
  setloginstatus ($result [' member '] , $_g[' Gp_cookietime ']? 2.592 million:0); Set the login state, that is, write a cookie operation, the data in the cookie is the corresponding data in the session, but this function is not responsible for writing session action 

Let's take a look at the Setloginstatus function in source/function/function_login.php, an ordinary write COOKIE operation that is no longer specifically explained:

function Setloginstatus ($member, $cookietime) { 
 global $_g; 
 $_g[' uid ' = $member [' uid ']; 
 $_g[' username ' = $member [' username ']; 
 $_g[' Adminid ' = $member [' Adminid ']; 
 $_g[' groupid ' = $member [' GroupID ']; 
 $_g[' formhash '] = Formhash (); 
 $_g[' Session ' [' invisible '] = getuserprofile (' invisible '); 
 $_g[' member ' = $member; 
 $_g[' core ']->session->isnew = 1; 
 Dsetcookie (' auth ', Authcode ("{$member [' password ']}\t{$member [' uid ']} ', ' ENCODE '), $cookietime, 1, true); Authcode encryption 
 Dsetcookie (' Loginuser '); 
 Dsetcookie (' Activationauth '); 
 Dsetcookie (' Pmnum '); 
}

Here it can be said that most of the login process has gone, but the cookie does not clear, will always exist in the client, if the timeout, the program in the decision to discard this COOKIE, and write again.

Let's take a look at the classes in the DZX session, in the source/class/calss_core.php file:
Each request in the program loads the session, which is performed by the _init_session method in the core class Discuz_core, which is placed in the class's Init method, stating that the session is automatically written each time the class is loaded.

function _init_session () {$this->session = new Discuz_session ();//Create Session class if ($this->init_session) {/ /read data from Cookies $this->session->init ($this->var[' cookies ' [' Sid '], $this->var[' ClientIP '), $this->var 
  [' UID ']); 
  $this->var[' sid '] = $this->session->sid; 
  $this->var[' session '] = $this->session->var; To determine whether a SID is equal or not, it means that multiple users are logged on to the site on the same host and need to write back the cookie if ($this->var[' Sid ']!= $this->var[' cookies ' [' Sid ']) {Dsetco 
  Okie (' Sid ', $this->var[' Sid '], 86400); } if ($this->session->isnew) {if (ipbanned ($this->var[' ClientIP ')) {$this->session->set (' group 
   Id ', 6); 
   } if ($this->session->get (' groupid ') = = 6) {$this->var[' member '] [' groupid '] = 6; 
  Sysmessage (' user_banned '); //uid is not empty and needs to update session or session timeout, change user status, require user to log back in if ($this->var[' UID ') && ($this->session->is New | | 
($this->session->get (' lastactivity ') +) < TIMESTAMP)) {   $this->session->set (' lastactivity ', TIMESTAMP); 
   $update = Array (' Lastip ' => $this->var[' ClientIP '], ' lastactivity ' => TIMESTAMP); 
   if ($this->session->isnew) {$update [' lastvisit '] = TIMESTAMP; 
  Db::update (' Common_member_status ', $update, "uid="). $this->var[' uid '].

 } 
 } 
}

The class that operates the session is Discuz_session, and we look at the two methods in this class:

This function is responsible for generating a new session, but is not responsible for writing database 
function Create ($IP, $uid) { 
//creating session, executing insert data, A six-bit random number generated by a random function is the time of the session's unique value, the SID 
  $this->isnew = true in a cookie; 
  $this->var = $this->newguest; 
  $this->set (' Sid ', Random (6)); 
  $this->set (' uid ', $uid); 
  $this->set (' IP ', $ip); 
  $this->set (' LastActivity ', Time ()); 
  $this->sid = $this->var[' sid ']; 
  return $this->var; 
} 
This function is responsible for updating the session 
function Update () { 
  if ($this->sid!== null) { 
   $data = daddslashes ($this->var); C16/>if ($this->isnew) { 
    $this->delete (); 
    Db::insert (' common_session ', $data, False, False, true); 
   } else { 
    db::update (' common_session ', $data, ' sid= ' $data [Sid] '); 
   } 
   Dsetcookie (' Sid ', $this->sid, 86400); 
  } 
 

So far we know the specific function of the session insert database, and the contact with the COOKIE, but it is not clear how to trigger this operation.
Open source/function/function_core.php file, find function, updatesession, this function is responsible for updating session:

function Updatesession ($force = False) { 
 global $_g; 
 static $updated = false; 
 if (! $updated) { 
  $discuz = & Discuz_core::instance (); 
  foreach ($discuz->session->var as $k => $v) { 
   if isset ($_g[' member ' [$k]) && $k!= ' lastactivity ') { 
    $discuz->session->set ($k, $_g[' member ' [$k]); 
   } 
  foreach ($_g[' action '] as $k => $v) { 
   $discuz->session->set ($k, $v); 
  $discuz->session->update (); 
  $updated = true; 
 } 
 return $updated; 
}

We search this function in the program source code, you can see in many templates have the following sentence:

Copy Code code as follows:

{eval updatesession ();}

This function is triggered when the page is browsed, and the session is written to the database.

Organize your thoughts:

The first step: User login, the program will write cookies to the client, these cookies are part of the session data, such as Sid, IP, time, does not contain user names, passwords and other key information.

The second step, after the successful login, the program will automatically refresh the page, send the request to the server again, the server loaded Discuz_core core class, and read from the COOKIE to the session information, but has not been written to the database.

The third step, the core class loading complete, the program continues to execute, the last load template, triggering updatesession function, session is written to the database.

I hope this article will help you with your PHP program design.