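/**
 * Is the current user logged in?
 *
 * The session values alone are never trusted: a user counts as logged in only
 * when the session holds a truthy 'backend_logged_in' flag and a non-empty
 * 'backend_secret_key', AND a users_sessions row matches the current session
 * id together with that secret key. On success the row's date is refreshed
 * and self::$user is populated. On any failure both backend session values
 * are reset, so a stale or forged flag cannot survive into the next request.
 *
 * @return bool true when a matching users_sessions row exists, false otherwise.
 */
public static function isLoggedIn()
{
    // only query the database when the session claims a login and carries a secret key
    $hasCredentials = SpoonSession::exists('backend_logged_in', 'backend_secret_key')
        && (bool) SpoonSession::get('backend_logged_in')
        && (string) SpoonSession::get('backend_secret_key') !== '';

    if ($hasCredentials) {
        // NOTE(review): the `true` argument presumably requests a writable connection (an UPDATE follows) - confirm
        $db = BackendModel::getDB(true);

        // session id and secret key are bound as parameters, never concatenated into the SQL
        // NOTE(review): the lookup does not filter on us.date, so how long a session stays valid
        // depends on old rows being removed elsewhere - confirm such a cleanup exists
        $sessionData = $db->getRecord(
            'SELECT us.id, us.user_id FROM users_sessions AS us WHERE us.session_id = ? AND us.secret_key = ? LIMIT 1',
            array(SpoonSession::getSessionId(), SpoonSession::get('backend_secret_key'))
        );

        // a matching row proves the session/secret pair was issued by the backend
        if ($sessionData !== null) {
            // record the activity on the matched session row
            $db->update(
                'users_sessions',
                array('date' => BackendModel::getUTCDate()),
                'id = ?',
                (int) $sessionData['id']
            );

            // create a user object, it will handle stuff related to the current authenticated user
            self::$user = new BackendUser($sessionData['user_id']);

            return true;
        }
    }

    // Every path that reaches this point failed verification. Reset the values
    // unconditionally and always return a bool; the original re-read the flag
    // it had just cleared and could fall off the end without a return value.
    // The session itself is kept because session-data can be used on the site.
    SpoonSession::set('backend_logged_in', false);
    SpoonSession::set('backend_secret_key', '');

    return false;
}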