我正在努力让我们的自定义代码脱离核心。
在此功能中,我捕获旧的会话ID,以更新用户在未登录时可能正在处理的项目。
function user_authenticate_finalize(&$edit) {
global $user;
watchdog('user', 'Session opened for %name.', array('%name' => $user->name));
// Update the user table timestamp noting user has logged in.
// This is also used to invalidate one-time login links.
$user->login = time();
db_query("UPDATE {users} SET login = %d WHERE uid = %d", $user->login, $user->uid);
$old_session_id = session_id(); //THIS LINE NEEDS TO BE MOVED
// Regenerate the session ID to prevent against session fixation attacks.
sess_regenerate();
tf_user_new_session_id($user, $old_session_id); //THIS LINE NEEDS TO BE MOVED
user_module_invoke('login', $edit, $user);
}
sess_regenerate();
之前和之后的行答案 0 :(得分:0)
据我所知,您必须编写自己的登录过程才能在D6中完全实现。我可能会做一个hook_form_alter()并用我自己的方法替换登录表单上的提交处理程序。
答案 1 :(得分:0)
function tf_user_user($op, &$edit, &$account, $category = NULL)
{
$current_session = session_id();
if ('login' == $op)
{
setcookie('session_id_anonymous', $current_session, time() + 86400);
}
if ('load' == $op)
{
if (isset($_COOKIE['session_id_anonymous']) && $_COOKIE['session_id_anonymous'] != $current_session)
{
tf_user_new_session_id($account->uid, $_COOKIE['session_id_anonymous'], $current_session);
setcookie('session_id_anonymous', $current_session, time() - 3600);
}
}
//more code
}