Beispiel #1
 /**
  * Look up the user record bound to the current PHP session.
  *
  * The lookup only happens when Common::checkAuthorization() reports an
  * authorised request; otherwise no user is resolved.
  *
  * @return User|null The record found for $_SESSION['user'], or null when the
  *                   request is not authorised (callers must handle null).
  */
 public static function currentUser()
 {
     // Guard clause: unauthorised requests never touch the session user id.
     if (!Common::checkAuthorization()) {
         return null;
     }

     return User::find_by_id($_SESSION['user']);
 }
Beispiel #2
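 /**
  * Perform user authorisation.
  *
  * Looks the user up by login and password hash, binds the user and a
  * per-user-agent Session record to the PHP session, and sets the "u" and
  * "s" cookies for 14 days.
  *
  * @param string $login    Login name supplied by the client.
  * @param string $password Plain-text password supplied by the client.
  * @return bool True when the credentials matched a user, false otherwise.
  */
 public static function doAuthorisation($login = '', $password = '')
 {
     // NOTE(review): Common::getPasswordHash() is not shown here - confirm it is a
     // slow, salted password hash rather than a fast digest.
     $user = User::find_by_login_and_password($login, Common::getPasswordHash($password, $login));
     if (!$user) {
         return false;
     }

     // Issue a fresh session id at the privilege change so an id that was known
     // before login (session fixation) is not carried into the authenticated state.
     if (session_id() !== '') {
         session_regenerate_id(true);
     }

     $_SESSION['user'] = $user->id;
     $_SESSION['login'] = $user->login;

     // The User-Agent header is client-controlled and may be absent entirely.
     $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
     $session = Session::find_by_user_and_agent($user->id, $agent);
     if (!$session) {
         $session = Session::create(array('user' => $user->id, 'agent' => $agent));
     }
     $session->save();
     $_SESSION['session'] = $session->id;

     // Keep the cookies out of reach of page scripts (HttpOnly) and, when the
     // request arrived over HTTPS, off plain-HTTP connections (Secure).
     // Path and domain stay at their defaults, as before.
     $expires = time() + 3600 * 24 * 14;
     $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
     // NOTE(review): "u" is the raw user id and "s" is an unkeyed md5 of the
     // Session record id. If any code not shown here trusts these cookies to
     // restore a login, replace "s" with a random token stored server-side.
     setcookie("u", $user->id, $expires, '', '', $secure, true);
     setcookie("s", md5($session->id), $expires, '', '', $secure, true);

     return true;
 }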
Beispiel #3
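 /**
  * DELETE method: Close current session.
  *
  * Accepts only requests with exactly one URL element. Deletes the Session
  * record referenced by $_SESSION['session'], tears down the PHP session and
  * expires the "u" and "s" cookies.
  *
  * @param Request $request Request whose url_elements select this route.
  * @throws Exception 403 when the request is not authorised, 404 when the
  *                   session record is missing, 500 for any other route.
  * @return mixed Decoded JSON representation of the deleted session record.
  */
 public function delete($request)
 {
     if (count($request->url_elements) !== 1) {
         throw new Exception("Unknown request.", 500);
     }
     if (!Common::checkAuthorization()) {
         throw new Exception("Authorisation required.", 403);
     }

     // A missing session key is reported as "not found" instead of raising a notice.
     $session = isset($_SESSION['session']) ? Session::find_by_id($_SESSION['session']) : null;
     if (!$session) {
         throw new Exception("Session not found.", 404);
     }

     $session->delete();

     // session_destroy() removes the stored data but leaves $_SESSION populated for
     // the rest of this request and leaves the session cookie with the client, so
     // clear both explicitly.
     $_SESSION = array();
     if (ini_get('session.use_cookies')) {
         $params = session_get_cookie_params();
         setcookie(
             session_name(),
             '',
             time() - 3600,
             $params['path'],
             $params['domain'],
             $params['secure'],
             $params['httponly']
         );
     }
     session_destroy();

     setcookie("u", '', time() - 3600);
     setcookie("s", '', time() - 3600);

     return json_decode($session->to_json());
 }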
Beispiel #4
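 /**
  * PUT method: Update the login and/or password of one user.
  *
  * Accepts only requests with exactly two URL elements; the second is the id
  * of the user to update. Guests are rejected, and a non-admin caller may only
  * update the account whose id equals Application::currentUser()->id.
  *
  * @param Request $request Request carrying url_elements and a decoded JSON body
  *                         with optional "login" and "password" fields.
  * @throws Exception 500 for guests, unknown routes and duplicate logins,
  *                   403 when the caller may not update this user,
  *                   404 when the user does not exist.
  * @return mixed Decoded JSON representation of the user, without the password.
  */
 public function put($request)
 {
     if (count($request->url_elements) !== 2) {
         throw new Exception("Unknown request.", 500);
     }
     // Guests receive the same answer as an unknown route.
     if (Application::isGuest()) {
         throw new Exception("Unknown request.", 500);
     }

     $targetId = $request->url_elements[1];

     // Ownership check. Compare as strings: a loose != lets a value such as "1abc"
     // compare equal to the integer id 1 on older PHP versions.
     if (!Application::isAdmin()) {
         $caller = Application::currentUser();
         if (!$caller || (string) $caller->id !== (string) $targetId) {
             throw new Exception("You don't have required permissions to update this user.", 403);
         }
     }

     // empty() also covers a missing JSON body or missing fields without notices.
     $newLogin = !empty($request->json->login) ? $request->json->login : null;
     $newPassword = !empty($request->json->password) ? $request->json->password : null;

     // Reject a login that belongs to a different user. The target user is
     // excluded so that re-submitting one's own login is not a conflict.
     if ($newLogin !== null) {
         $clashes = User::find('all', array('conditions' => array('login=? AND id<>?', $newLogin, $targetId)));
         if (count($clashes) > 0) {
             throw new Exception("Change login failed. User with this login already exists.", 500);
         }
     }

     $user = User::find_by_id($targetId);
     if (!$user) {
         throw new Exception("User not found.", 404);
     }

     $effectiveLogin = $newLogin !== null ? $newLogin : $user->login;
     if ($newPassword !== null) {
         // Hash with the login that will actually be stored. The request's login
         // field may be absent, and the login-time check hashes the password
         // together with the account's login.
         $user->password = Common::getPasswordHash($newPassword, $effectiveLogin);
     }
     // NOTE(review): changing the login without sending a password leaves a hash
     // derived with the old login; if getPasswordHash() mixes the login in, that
     // account can no longer sign in. Consider requiring the password here.
     // NOTE(review): the password is changed without asking for the current one;
     // confirm that is intended for non-admin callers.
     $user->login = $effectiveLogin;
     $user->save();

     return json_decode($user->to_json(array('except' => 'password')));
 }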