Home » API reference » Drupal 5

services.module

Tracking 5.x-1.x branch
  1. drupal
    1. 5 contributions/services/services.module
    2. 6 contributions/services/services.module
    3. 7 contributions/services/services.module

The module which provides the core code for drupal services

This module is responsible for calling the appropriate method, expose servers and determining what data must be present in a service call

Functions & methods

NameDescription
services_admin_jsUI enhancement for services page
services_admin_settings
services_cronImplementation of hook_cron().
services_crossdomain_xml
services_errorPrepare an error message for returning to the XMLRPC caller.
services_get_allThis should probably be cached in drupal cache.
services_get_key
services_get_keys
services_get_server_info
services_helpImplementation of hook_help().
services_menuImplementation of hook_menu.
services_method_callThis is the magic function through which all remote method calls must pass.
services_method_get
services_node_loadMake any changes we might want to make to node.
services_permImplementation of hook_perm().
services_serverCallback for server endpoint.
services_session_loadBackup current session data and import user session.
services_session_unloadRevert to previously backuped session.
services_set_server_info
services_validate_key
services_xml_output

File

View source
  1. <?php

  2. 

  3. /**

  4.  * @file

  5.  * The module which provides the core code for drupal services

  6.  * 

  7.  * This module is responsible for calling the appropriate method,

  8.  * expose servers and determining what data must be present in a service call

  9.  */

  10. 

  11. /**

  12.  * Implementation of hook_help().

  13.  */

  14. function services_help($section) {

  15.   switch ($section) {

  16.     case 'admin/help#services':

  17.       return '<p>'. t('Visit the <a href="@handbook_url">Services Handbook</a> for help and information.', array('@handbook_url' => 'http://drupal.org/node/109782')) .'</p>';

  18.     

  19.     case 'admin/build/services':

  20.     case 'admin/build/services/browse':

  21.       $output = '<p>'. t('Services are collections of methods available to remote applications. They are defined in modules, and may be accessed in a number of ways through server modules. Visit the <a href="@handbook_url">Services Handbook</a> for help and information.', array('@handbook_url' => 'http://drupal.org/node/109782')) .'</p>';

  22.       $output .= '<p>'. t('All enabled services and methods are shown. Click on any method to view information or test.') .'</p>';

  23.       return $output;

  24.       

  25.     case 'admin/build/services/keys':

  26.       return t('An API key is required to allow an application to access Drupal remotely.');

  27.       

  28.   }

  29. }

  30. 

  31. /**

  32.  * Implementation of hook_perm().

  33.  */

  34. function services_perm() { 

  35.   return array('access services', 'administer services'); 

  36. }

  37. 

  38. /**

  39.  * Implementation of hook_menu.

  40.  */

  41. function services_menu($may_cache) {

  42.   $items = array();

  43.   $access = user_access('access services');

  44.   $admin_access = user_access('administer services');

  45.   $path = drupal_get_path('module', 'services');

  46.   

  47.   if ($may_cache) {

  48.     // admin

  49.     $items[] = array(

  50.       'path' => 'admin/build/services', 

  51.       'title' => t('Services'),

  52.       'access' => $admin_access,

  53.       'callback' => 'services_admin_browse_index',

  54.       'description' => t('Allows external applications to communicate with Drupal.'),

  55.     );

  56.     

  57.     // browse

  58.     $items[] = array(

  59.       'path' => 'admin/build/services/browse', 

  60.       'title' => t('Browse'),

  61.       'access' => $admin_access,

  62.       'callback' => 'services_admin_browse_index',

  63.       'description' => t('Browse and test available remote services.'),

  64.       'type' => MENU_DEFAULT_LOCAL_TASK

  65.     );

  66.     

  67.     // API Keys

  68.     if (variable_get('services_use_key', TRUE)) {

  69.       $items[] = array(

  70.         'path' => 'admin/build/services/keys', 

  71.         'title' => t('Keys'),

  72.         'access' => $admin_access,

  73.         'callback' => 'services_admin_keys_list',

  74.         'description' => t('Manage application access to site services.'),

  75.         'type' => MENU_LOCAL_TASK,

  76.       );

  77.       $items[] = array(

  78.         'path' => 'admin/build/services/keys/list', 

  79.         'title' => t('List'),

  80.         'access' => $admin_access,

  81.         'type' => MENU_DEFAULT_LOCAL_TASK,

  82.         'weight' => -10,

  83.       );

  84.       $items[] = array(

  85.         'path' => 'admin/build/services/keys/add', 

  86.         'title' => t('Create key'),

  87.         'access' => $admin_access,

  88.         'callback' => 'drupal_get_form',

  89.         'callback arguments' => array('services_admin_keys_form'),

  90.         'type' => MENU_LOCAL_TASK,

  91.       );

  92.     }

  93.     

  94.     // Settings

  95.     $items[] = array(

  96.       'path' => 'admin/build/services/settings', 

  97.       'title' => t('Settings'),

  98.       'access' => $admin_access,

  99.       'callback' => 'drupal_get_form',

  100.       'callback arguments' => 'services_admin_settings',

  101.       'description' => t('Configure service settings.'),

  102.       'type' => MENU_LOCAL_TASK,

  103.     );

  104.     $items[] = array(

  105.       'path' => 'admin/build/services/settings/general', 

  106.       'title' => t('General'),

  107.       'access' => $admin_access,

  108.       'callback' => 'drupal_get_form',

  109.       'callback arguments' => 'services_admin_settings',

  110.       'description' => t('Configure service settings.'),

  111.       'type' => MENU_DEFAULT_LOCAL_TASK,

  112.       'weight' => -10,

  113.     );

  114.     

  115.     // crossdomain.xml

  116.     $items[] = array(

  117.       'path' => 'crossdomain.xml',

  118.       'access' => $access,

  119.       'callback' => 'services_crossdomain_xml',

  120.       'type' => MENU_CALLBACK,

  121.     );

  122.   }

  123.   else {

  124.     

  125.     if (arg(0) == 'services') {

  126.       // server

  127.       foreach (module_implements('server_info') as $module) {

  128.         $info = module_invoke($module, 'server_info');

  129.         if ($info['#path'] == arg(1)) {

  130.           $items[] = array(

  131.             'path' => 'services/'. $info['#path'], 

  132.             'title' => t('Services'),

  133.             'access' => $access,

  134.             'callback' => 'services_server',

  135.             'callback arguments' => array($module),

  136.             'type' => MENU_CALLBACK,

  137.           );

  138.         }

  139.       }

  140.     }

  141.     

  142.     

  143.     // admin

  144.     if (arg(0) == 'admin' && arg(1) == 'build' && arg(2) == 'services') {

  145.       

  146.       // browse

  147.       if (arg(3) == 'browse' || !arg(3)) {

  148.         

  149.         require_once "$path/services_admin_browse.inc";

  150.         

  151.         if (arg(4)) {

  152.           $items[] = array(

  153.             'path' => 'admin/build/services/browse/'. arg(4), 

  154.             'title' => arg(4),

  155.             'access' => $admin_access,

  156.             'callback' => 'services_admin_browse_method',

  157.             'type' => MENU_LOCAL_TASK

  158.           );

  159.         }

  160. 

  161.         drupal_add_css("$path/services.css", 'module');

  162.       }

  163.       

  164.       // keys

  165.       if (arg(3) == 'keys' && variable_get('services_use_key', TRUE)) {

  166.         

  167.         require_once "$path/services_admin_keys.inc";

  168. 

  169.         if ($key = services_get_key(arg(4))) {

  170. 

  171.           if (!empty($key)) {

  172.             $items[] = array(

  173.               'path' => 'admin/build/services/keys/'. $key->kid,

  174.               'title' => t('Edit key'),

  175.               'access' => $admin_access,

  176.               'callback' => 'drupal_get_form',

  177.               'callback arguments' => array('services_admin_keys_form', $key),

  178.               'type' => MENU_CALLBACK,

  179.             );

  180.             $items[] = array(

  181.               'path' => 'admin/build/services/keys/'. $key->kid .'/delete',

  182.               'title' => '',

  183.               'access' => $admin_access,

  184.               'callback' => 'drupal_get_form',

  185.               'callback arguments' => array('services_admin_keys_delete_confirm', $key),

  186.               'type' => MENU_CALLBACK,

  187.             );

  188.           }

  189.         }

  190.       }

  191.     }

  192.   }

  193.   

  194.   return $items;

  195. }

  196. 

  197. /*

  198.  * Callback for admin page.

  199.  */

  200. function services_admin_settings() {

  201.   $node_types = node_get_types('names');

  202.   $defaults = isset($node_types['blog']) ? array('blog' => 1) : array();

  203.   $form['security'] = array(

  204.     '#title' => t('Security'),

  205.     '#type' => 'fieldset',

  206.     '#description' => t('Changing security settings will require you to adjust all method calls. This will affect all applications using site services.'),

  207.   );

  208.   $form['security']['services_use_key'] = array(

  209.     '#type' => 'checkbox',

  210.     '#title' => t('Use keys'),

  211.     '#default_value' => variable_get('services_use_key', TRUE),

  212.     '#description' => t('When enabled all method calls need to provide a validation token to autheciate themselves with the server.')

  213.   );

  214.   $form['security']['services_key_expiry'] = array(

  215.     '#type' => 'textfield',

  216.     '#prefix' => "<div id='services-key-expiry'>",

  217.     '#suffix' => "</div>",

  218.     '#title' => t('Token expiry time'),

  219.     '#default_value' => variable_get('services_key_expiry', 30),

  220.     '#description' => t('The time frame for which the token will be valid. Default is 30 secs')

  221.   );

  222.   $form['security']['services_use_sessid'] = array(

  223.     '#type' => 'checkbox',

  224.     '#title' => t('Use sessid'),

  225.     '#default_value' => variable_get('services_use_sessid', TRUE),

  226.     '#description' => t('When enabled, all method calls must include a valid sessid. Only disable this setting if the application will use browser-based cookies.')

  227.   );  

  228.   

  229.   $form['#pre_render'][] = 'services_admin_js';

  230.   

  231.   return system_settings_form($form);

  232. }

  233. 

  234. /**

  235.  * UI enhancement for services page

  236.  */

  237. function services_admin_js($form_id, $form) {

  238.   $out = <<<EOJS

  239.   $(document).ready(function() {

  240.     $("#services-key-expiry")[$("#edit-services-use-key").attr('checked') ? 'show' : 'hide']();

  241.     $("#edit-services-use-key").click(function() {

  242.       $("#services-key-expiry")[$(this).attr('checked') ? 'show' : 'hide']();

  243.    });

  244.   });

  245. EOJS;

  246.   drupal_add_js($out, 'inline', 'footer');

  247. }

  248. 

  249. /**

  250.  * Callback for server endpoint.

  251.  */

  252. function services_server($module = NULL) {

  253.   services_set_server_info($module);

  254.   print module_invoke($module, 'server');

  255.   

  256.   // Do not let this output.

  257.   exit;

  258. }

  259. 

  260. /*

  261.  * Callback for crossdomain.xml.

  262.  */

  263. function services_crossdomain_xml() {

  264.   global $base_url;

  265.   $output = '<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">'."\n";

  266.   $output .= '<cross-domain-policy>'."\n";

  267.   $output .= '  <allow-access-from domain="'. check_plain($_SERVER['HTTP_HOST']) .'" />'."\n";

  268.   $output .= '  <allow-access-from domain="*.'. check_plain($_SERVER['HTTP_HOST']) .'" />'."\n";

  269.   

  270.   $keys = services_get_keys();

  271.   

  272.   foreach ($keys as $key) {

  273.     if (!empty($key->domain)) {

  274.       $output .= '  <allow-access-from domain="'. check_plain($key->domain) .'" />'."\n";

  275.       $output .= '  <allow-access-from domain="*.'. check_plain($key->domain) .'" />'."\n";

  276.     }

  277.   }

  278.   

  279.   $output .= '</cross-domain-policy>';

  280.   

  281.   services_xml_output($output);

  282. }

  283. 

  284. function services_xml_output($xml) {

  285.   $xml = '<?xml version="1.0"?>'."\n". $xml;

  286.   header('Connection: close');

  287.   header('Content-Length: '. strlen($xml));

  288.   header('Content-Type: text/xml');

  289.   header('Date: '. date('r'));

  290.   echo $xml;

  291.   exit;

  292. }

  293. 

  294. function services_set_server_info($module) {

  295.   $server_info = new stdClass();

  296.   $server_info->module = $module;

  297.   $server_info->drupal_path = getcwd();

  298.   return services_get_server_info($server_info);

  299. }

  300. 

  301. function services_get_server_info($server_info = NULL) {

  302.   static $info;

  303.   if (!$info && $server_info) {

  304.     $info = $server_info;

  305.   }

  306.   return $info;

  307. }

  308. 

  309. /**

  310.  * Prepare an error message for returning to the XMLRPC caller.

  311.  */

  312. function services_error($message) {

  313.   $server_info = services_get_server_info();

  314.     

  315.   // Look for custom error handling function.

  316.   // Should be defined in each server module.

  317.   if ($server_info && module_hook($server_info->module, 'server_error')) {

  318.     return module_invoke($server_info->module, 'server_error', $message);

  319.   }

  320.   

  321.   // No custom error handling function found.

  322.   return $message;

  323. }

  324. 

  325. /**

  326.  * Implementation of hook_cron().

  327.  *

  328.  * Clear down old values from the nonce table.

  329.  */

  330. function services_cron() {

  331.   

  332.   $expiry_time = time() - variable_get('services_key_expiry', 30);

  333.   db_query("DELETE FROM {services_timestamp_nonce} WHERE timestamp < '%s'", $expiry_time);

  334. }

  335. 

  336. /**

  337.  * This is the magic function through which all remote method calls must pass.

  338.  */

  339. function services_method_call($method_name, $args = array(), $ignore_hash = FALSE) {

  340.   $method = services_method_get($method_name);

  341.   

  342.   // Check that method exists.

  343.   if (empty($method)) {

  344.     return services_error(t('Method %name does not exist.', array('%name' => $method_name)));

  345.   }

  346.   

  347.   // Check for missing args and identify if arg is required in the hash.

  348.   $hash_parameters = array();

  349.   foreach ($method['#args'] as $key => $arg) {

  350.     if (!$arg['#optional']) {

  351.       if (!isset($args[$key]) && !is_array($args[$key]) && !is_bool($args[$key])) {

  352.         if ($arg['#name'] == 'sessid' && session_id()) {

  353.           $args[$key] = session_id();

  354.         } 

  355.         else {

  356.           return services_error(t('Missing required arguments.'));

  357.         }

  358.       }

  359.     }

  360.     // Key is part of the hash

  361.     if ($arg['#signed'] == TRUE && variable_get('services_use_key', TRUE)) {

  362.       if (is_numeric($args[$key]) || !empty($args[$key])) {

  363.         if (is_array($args[$key]) || is_object($args[$key])){

  364.           $hash_parameters[] = serialize($args[$key]);

  365.         }

  366.         else{

  367.           $hash_parameters[] = $args[$key];

  368.         }

  369.       }

  370.       else{

  371.         $hash_parameters[] = '';

  372.       }

  373.     }

  374.   }

  375.   

  376.   // Add additonal processing for methods requiring api key.

  377.   if ($method['#key'] && variable_get('services_use_key', TRUE)) {

  378.     $hash = array_shift($args);

  379.     $domain = array_shift($args);

  380.     $timestamp = array_shift($args);

  381.     $nonce = array_shift($args);

  382.         

  383.     $expiry_time = $timestamp + variable_get('services_key_expiry', 30);

  384.     

  385.     if ($expiry_time < time()) {

  386.       return services_error(t('Token has expired.'));

  387.     }

  388.     

  389.     // Still in time but has it been used before

  390.     if (db_result(db_query("SELECT count(*) FROM {services_timestamp_nonce} WHERE domain = '%s' AND timestamp = %d AND nonce = '%s'", $domain, $timestamp, $nonce))) {

  391.       return services_error(t('Token has been used previously for a request.'));

  392.     }

  393.     else{

  394.       db_query("INSERT INTO {services_timestamp_nonce} (domain, timestamp, nonce) VALUES ('%s', %d, '%s')", $domain, $timestamp, $nonce);      

  395.     }

  396.     

  397.     $api_key = db_result(db_query("SELECT kid FROM {services_keys} WHERE domain = '%s'", $domain));

  398.     if (!services_validate_key($api_key, $timestamp, $domain, $nonce, $method_name, $hash_parameters, $hash)) {

  399.       return services_error(t('Invalid API key.'));

  400.     }

  401.   }

  402.   

  403.   // Add additonal processing for methods requiring authentication.

  404.   $session_backup = NULL;

  405.   if ($method['#auth'] && variable_get('services_use_sessid', TRUE)) {

  406.     $sessid = array_shift($args);

  407.     if (empty($sessid)) {

  408.       return services_error(t('Invalid sessid.'));

  409.     }

  410.     $session_backup = services_session_load($sessid);

  411.   }

  412.   

  413.   // Check access

  414.   $access_arguments = isset($method['#access arguments']) ? $method['#access arguments'] : $args;

  415.   // Call default or custom access callback

  416.   if (call_user_func_array($method['#access callback'], $access_arguments) != TRUE) {

  417.     return services_error(t('Access denied.'));

  418.   }

  419.   

  420.   // Change working directory to drupal root to call drupal function,

  421.   // then change it back to server module root to handle return.

  422.   $server_root = getcwd();

  423.   $server_info = services_get_server_info();

  424.   if ($server_info) {

  425.     chdir($server_info->drupal_path);

  426.   }

  427.   $result = call_user_func_array($method['#callback'], $args);

  428.   if ($server_info) {

  429.     chdir($server_root);

  430.   }

  431. 

  432.   // Add additonal processing for methods requiring authentication.

  433.   if ($session_backup !== NULL) {

  434.     services_session_unload($session_backup);

  435.   }

  436. 

  437.   return $result;

  438. }

  439. 

  440. /**

  441.    * This should probably be cached in drupal cache.

  442.  */

  443. function services_get_all() {

  444.   static $methods_cache;

  445.   if (!isset($methods_cache)) {

  446.     $methods = module_invoke_all('service');

  447.     

  448.     // api_key arg

  449.     $arg_api_key = array(

  450.       '#name' => 'hash',

  451.       '#type' => 'string',

  452.       '#description' => t('A valid API key.'),

  453.     );

  454.     

  455.     // sessid arg

  456.     $arg_sessid = array(

  457.       '#name' => 'sessid',

  458.       '#type' => 'string',

  459.       '#description' => t('A valid sessid.'),

  460.     );

  461.     

  462.     // domain arg

  463.     $arg_domain_name = array(

  464.       '#name' => 'domain_name',

  465.       '#type' => 'string',

  466.       '#description' => t('A valid domain for the API key.'),

  467.     );

  468.     

  469.     $arg_domain_time_stamp = array(

  470.       '#name' => 'domain_time_stamp',

  471.       '#type' => 'string',

  472.       '#description' => t('Time stamp used to hash key.'),

  473.     );

  474.     

  475.     $arg_nonce = array(

  476.       '#name' => 'nonce',

  477.       '#type' => 'string',

  478.       '#description' => t('One time use nonce also used hash key.'),

  479.     );

  480.     

  481.     foreach ($methods as $key => $method) {

  482.       

  483.       // set method defaults

  484.       if (!isset($methods[$key]['#auth'])) {

  485.         $methods[$key]['#auth'] = TRUE;

  486.       }

  487.       

  488.       if (!isset($methods[$key]['#key'])) { 

  489.         $methods[$key]['#key'] = TRUE; 

  490.       }

  491.       

  492.       if (!isset($methods[$key]['#access callback'])) {

  493.         $methods[$key]['#access callback'] = 'user_access';

  494.         if (!isset($methods[$key]['#access arguments'])) {

  495.           $methods[$key]['#access arguments'] = array('access services');

  496.         }

  497.       }

  498. 

  499.       if (!isset($methods[$key]['#args'])) {

  500.         $methods[$key]['#args'] = array();

  501.       }

  502.       

  503.       if ($methods[$key]['#auth'] && variable_get('services_use_sessid', TRUE)) {

  504.         $methods[$key]['#args'] = array_merge(array($arg_sessid), $methods[$key]['#args']);

  505.       }

  506.       

  507.       if ($methods[$key]['#key'] && variable_get('services_use_key', TRUE)) {

  508.         $methods[$key]['#args'] = array_merge(array($arg_nonce), $methods[$key]['#args']);

  509.         $methods[$key]['#args'] = array_merge(array($arg_domain_time_stamp), $methods[$key]['#args']);

  510.         $methods[$key]['#args'] = array_merge(array($arg_domain_name), $methods[$key]['#args']);

  511.         $methods[$key]['#args'] = array_merge(array($arg_api_key), $methods[$key]['#args']);

  512.       }

  513.       

  514.       // set defaults for args

  515.       foreach ($methods[$key]['#args'] as $arg_key => $arg) {

  516.         if (is_array($arg)) {

  517.           if (!isset($arg['#optional'])) {

  518.             $methods[$key]['#args'][$arg_key]['#optional'] = FALSE;

  519.           }

  520.         }

  521.         else {

  522.           $arr_arg = array();

  523.           $arr_arg['#name'] = t('unnamed');

  524.           $arr_arg['#type'] = $arg;

  525.           $arr_arg['#description'] = t('No description given.');

  526.           $arr_arg['#optional'] = FALSE;

  527.           $methods[$key]['#args'][$arg_key] = $arr_arg;

  528.         }

  529.       }

  530.       reset($methods[$key]['#args']);

  531.     }

  532.     $methods_cache = $methods;

  533.   }

  534.   return $methods_cache;

  535. }

  536. 

  537. function services_method_get($method_name) {

  538.   static $method_cache;

  539.   if (!isset($method_cache[$method_name])) {

  540.     foreach (services_get_all() as $method) {

  541.       if ($method_name == $method['#method']) {

  542.         $method_cache[$method_name] = $method;

  543.         break;

  544.       }

  545.     }

  546.   }

  547.   return $method_cache[$method_name];

  548. }

  549. 

  550. function services_validate_key($kid, $timestamp, $domain, $nonce, $method_name, $hash_parameters, $hash) {  

  551.   $hash_parameters = array_merge(array($timestamp, $domain, $nonce, $method_name), $hash_parameters);

  552.   $rehash = hash_hmac("sha256", implode(';', $hash_parameters), $kid);

  553.   return $rehash == $hash;

  554. }

  555. 

  556. function services_get_key($kid) {

  557.   $keys = services_get_keys();

  558.   foreach ($keys as $key) {

  559.     if ($key->kid == $kid) {

  560.       return $key;

  561.     }

  562.   }

  563. }

  564. 

  565. function services_get_keys() {

  566.   static $keys;

  567.   if (!$keys) {

  568.     $keys = array();

  569.     $result = db_query("SELECT * FROM {services_keys}");

  570.     while ($key = db_fetch_object($result)) {

  571.       $keys[$key->kid] = $key;

  572.     }

  573.   }

  574.   return $keys;

  575. }

  576. 

  577. /**

  578.  * Make any changes we might want to make to node.

  579.  */

  580. function services_node_load($node, $fields = array()) {

  581.   if (!$node->nid) {

  582.     return NULL;

  583.   }

  584.   

  585.   // Loop through and get only requested fields.

  586.   if (count($fields) > 0) {

  587.     foreach ($fields as $field) {

  588.       $val->{$field} = $node->{$field};

  589.     }

  590.   } 

  591.   else {

  592.     $val = $node;

  593.   }

  594. 

  595.   return $val;

  596. }

  597. 

  598. /**

  599.  * Backup current session data and import user session.

  600.  */

  601. function services_session_load($sessid) {

  602.   global $user;

  603. 

  604.   // If user's session is already loaded, just return current user's data

  605.   if ($user->sid == $sessid) {

  606.     return $user;

  607.   }

  608. 

  609.   // Make backup of current user and session data

  610.   $backup = $user;

  611.   $backup->session = session_encode();

  612. 

  613.   // Empty current session data

  614.   foreach ($_SESSION as $key => $value) {

  615.     unset($_SESSION[$key]);

  616.   }

  617. 

  618.   // Some client/servers, like XMLRPC, do not handle cookies, so imitate it to make sess_read() function try to look for user,

  619.   // instead of just loading anonymous user :).

  620.   if (!isset($_COOKIE[session_name()])) $_COOKIE[session_name()] = $sessid;

  621. 

  622.   // Load session data

  623.   session_id($sessid);

  624.   sess_read($sessid);

  625. 

  626.   // Check if it really loaded user and, for additional security, if user was logged from the same IP. If not, then revert automatically.

  627.   if ($user->sid != $sessid) {

  628.     services_session_unload($backup);

  629.     return NULL;

  630.   }

  631. 

  632.   return $backup;

  633. }

  634. 

  635. /**

  636.  * Revert to previously backuped session.

  637.  */

  638. function services_session_unload($backup) {

  639.   global $user;

  640. 

  641.   // No point in reverting if it's the same user's data

  642.   if ($user->sid == $backup->sid) {

  643.     return;

  644.   }

  645. 

  646.   // Some client/servers, like XMLRPC, do not handle cookies, so imitate it to make sess_read() function try to look for user,

  647.   // instead of just loading anonymous user :).

  648.   if (!isset($_COOKIE[session_name()])) $_COOKIE[session_name()] = $sessid;

  649. 

  650.   // Save current session data

  651.   sess_write($user->sid, session_encode());

  652. 

  653.   // Empty current session data

  654.   foreach ($_SESSION as $key => $value) {

  655.     unset($_SESSION[$key]);

  656.   }

  657. 

  658.   // Revert to previous user and session data

  659.   $user = $backup;

  660.   session_id($backup->sessid);

  661.   session_decode($user->session);

  662. }

  663. 

  664.