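/**
 * Class constructor.
 *
 * Starts the PHP session, loads the configuration and, when a login POST is
 * being handled by an authorized user, issues a fresh random auth ticket,
 * persists it through AuthTicketController and stores it in the session.
 *
 * @param bool $readOnly If readOnly is true, don't refresh the user's expire
 *                       time; no auth ticket is issued in that mode either.
 *
 * @throws \RuntimeException If 32 random bytes for the auth ticket could not
 *                           be obtained.
 */
public function __construct($readOnly = false)
{
    session_start();

    $config = new Config();
    $this->_config = $config;

    // Users are always authorized if the configuration tells us to skip authentication.
    if ($config->getSkipAuth()) {
        return;
    }

    self::$_userId = $config->getUserId();
    self::$_password = $config->getUserPassword();

    if (!$this->isAuthorized($readOnly)) {
        return;
    }

    // Only a login POST in non-read-only mode issues a new ticket.
    $isLoginPost = isset($_POST['auth_username'], $_POST['auth_password']);
    if (!$isLoginPost || $readOnly) {
        return;
    }

    // User is logging in. Rotate the session id first so that an id known
    // before authentication cannot be reused for the authenticated session
    // (session fixation).
    session_regenerate_id(true);

    // Fail closed: older PHP versions return false here instead of throwing,
    // and bin2hex(false) would silently produce an empty ticket.
    $rawTicket = openssl_random_pseudo_bytes(32);
    if ($rawTicket === false || strlen($rawTicket) !== 32) {
        throw new \RuntimeException('Unable to generate auth ticket.');
    }
    $authTicket = bin2hex($rawTicket);

    $atc = new AuthTicketController();
    $atm = new AuthTicketModel();
    $atm->setAuthTicket($authTicket);
    $atc->add($atm);

    // The ticket is a bearer credential, so the log records only a short
    // SHA-256 fingerprint: enough to correlate events, useless for replay.
    // NOTE(review): "login.log" is resolved against the current working
    // directory; confirm that location is not served by the web server.
    $userId = self::$_userId;
    $now = date("Y-m-d H:i:s");
    $fingerprint = substr(hash('sha256', $authTicket), 0, 12);
    $out = "{$now}: Login detected for {$userId} (ticket fingerprint {$fingerprint})." . PHP_EOL;
    file_put_contents("login.log", $out, FILE_APPEND | LOCK_EX);

    self::$_authTicket = $authTicket;
    $_SESSION['auth_ticket'] = self::$_authTicket;
}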