/**
* Check user authorisation.
*
* @return bool
*/
public static function checkAuthorization()
{
if (isset($_SESSION['user']) && isset($_SESSION['login'])) {
return true;
} else {
if (isset($_COOKIE['u']) and isset($_COOKIE['s'])) {
$session = Session::find_by_user_and_agent($_COOKIE['u'], $_SERVER['HTTP_USER_AGENT']);
if ($session) {
if (md5($session->id) == $_COOKIE['s']) {
$user = User::find_by_id($_COOKIE['u']);
if ($user) {
$_SESSION['session'] = $session->id;
$_SESSION['user'] = $user->id;
$_SESSION['login'] = $user->login;
setcookie("u", $user->id, time() + 3600 * 24 * 14);
setcookie("s", md5($session->id), time() + 3600 * 24 * 14);
return true;
}
} else {
$session->delete();
}
}
}
}
return false;
}
/**
* Get current application user
*
* @return User
*/
public static function currentUser()
{
if (Common::checkAuthorization()) {
$user = User::find_by_id($_SESSION['user']);
return $user;
}
return null;
}
/**
* DELETE method: Delete user
*
* @param Request $request
* @throws Exception
* @return mixed
*/
public function delete($request)
{
switch (count($request->url_elements)) {
case 2:
// Don't have permissions - throw Exception
if (!Application::isAdmin()) {
throw new Exception("You don't have required permissions to update this user.", 403);
}
// Like success - delete user & return
$user = User::find_by_id($request->url_elements[1]);
if ($user) {
$user->delete();
return json_decode($user->to_json(array('except' => 'password')));
} else {
throw new Exception("User not found.", 404);
}
default:
throw new Exception("Unknown request.", 500);
}
}
