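/**
 * Validate the current session against the client address and, when a user
 * is logged in, run the (not yet implemented) per-request user lookup.
 *
 * The session is opened with userSession_Start() and closed with
 * userSession_End(). If the session has no recorded 'ip', or the recorded
 * value differs from $_SERVER['REMOTE_ADDR'], the session is expired.
 *
 * NOTE(review): REMOTE_ADDR is the address of the directly connected peer.
 * Behind a reverse proxy or load balancer it may be the proxy's address, so
 * every client would share one value. Confirm the deployment topology.
 */
function user_Auth() {
    userSession_Start();

    // IP Check. If different, expire the session
    $recordedIp = isset($_SESSION['ip']) ? $_SESSION['ip'] : null;
    if ($recordedIp === null || $recordedIp !== $_SERVER['REMOTE_ADDR']) {
        // session_destroy() deletes the stored session data but does not
        // unset the in-memory $_SESSION array. Clear it first so that nothing
        // later in this request can still read the expired session's values
        // (user_AuthIsUser() below presumably reads $_SESSION; confirm).
        $_SESSION = [];
        session_destroy();
    }

    userSession_End();

    // Refresh cookie lifetime

    // If session is set, lookup the node, and permissions
    if (user_AuthIsUser()) {
        // Lookup user
        //$_SESSION['node'] =

        // Extract Permissions

        // Is Admin?
    }
}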
// lookup all addresses associated with that user // extract node, hash, and secret } } // Bail if no user was found, or if their node is zero (not associated with an account) if (!isset($user) || !($user['node'] > 0)) { json_EmitFatalError_Permission(null, $RESPONSE); } // If hashes match, it's a success, so log the user in if (isset($user['hash']) && userPassword_Verify($pw, $user['hash'])) { // Does the user have a secret? // Success userSession_Start(); $_SESSION['id'] = $user['node']; $_SESSION['ip'] = $_SERVER['REMOTE_ADDR']; userSession_End(); break; } // Permission denied on fail json_EmitFatalError_Permission(null, $RESPONSE); break; case 'logout': break; // case 'get': // json_ValidateHTTPMethod('GET'); // // $RESPONSE['user'] = user_GetByNode(0); // //// //// if ( user_AuthIsAdmin() ) { //// $RESPONSE['global'] = $SH;