Beispiel #1
0
 /**
  * Check user authorisation.
  *
  * @return bool
  */
 public static function checkAuthorization()
 {
     if (isset($_SESSION['user']) && isset($_SESSION['login'])) {
         return true;
     } else {
         if (isset($_COOKIE['u']) and isset($_COOKIE['s'])) {
             $session = Session::find_by_user_and_agent($_COOKIE['u'], $_SERVER['HTTP_USER_AGENT']);
             if ($session) {
                 if (md5($session->id) == $_COOKIE['s']) {
                     $user = User::find_by_id($_COOKIE['u']);
                     if ($user) {
                         $_SESSION['session'] = $session->id;
                         $_SESSION['user'] = $user->id;
                         $_SESSION['login'] = $user->login;
                         setcookie("u", $user->id, time() + 3600 * 24 * 14);
                         setcookie("s", md5($session->id), time() + 3600 * 24 * 14);
                         return true;
                     }
                 } else {
                     $session->delete();
                 }
             }
         }
     }
     return false;
 }
Beispiel #2
0
 /**
  * Get current application user
  *
  * @return User
  */
 public static function currentUser()
 {
     if (Common::checkAuthorization()) {
         $user = User::find_by_id($_SESSION['user']);
         return $user;
     }
     return null;
 }
Beispiel #3
0
 /**
  * DELETE method: Delete user
  *
  * @param Request $request
  * @throws Exception
  * @return mixed
  */
 public function delete($request)
 {
     switch (count($request->url_elements)) {
         case 2:
             // Don't have permissions - throw Exception
             if (!Application::isAdmin()) {
                 throw new Exception("You don't have required permissions to update this user.", 403);
             }
             // Like success - delete user & return
             $user = User::find_by_id($request->url_elements[1]);
             if ($user) {
                 $user->delete();
                 return json_decode($user->to_json(array('except' => 'password')));
             } else {
                 throw new Exception("User not found.", 404);
             }
         default:
             throw new Exception("Unknown request.", 500);
     }
 }