Example #1
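 /**
  * Class constructor.
  *
  * Starts the session and loads the configuration. Unless the configuration
  * says to skip authentication, it runs the authorization check; when that
  * succeeds on a request carrying login credentials (and not in read-only
  * mode), a fresh auth ticket is generated, handed to
  * AuthTicketController::add(), logged by fingerprint and stored in the session.
  *
  * @param bool $readOnly If readOnly is true, don't refresh the user's expire time.
  *
  * @throws \RuntimeException If a cryptographically strong auth ticket cannot be generated.
  */
 public function __construct($readOnly = false)
 {
     session_start();
     $config = new Config();
     $this->_config = $config;
     // Users are always authorized if the configuration tells us to skip authentication.
     if ($config->getSkipAuth()) {
         return;
     }
     self::$_userId = $config->getUserId();
     self::$_password = $config->getUserPassword();
     if (!$this->isAuthorized($readOnly)) {
         return;
     }
     $isLoginRequest = isset($_POST['auth_username'], $_POST['auth_password']) && !$readOnly;
     if (!$isLoginRequest) {
         return;
     }

     // User is logging in.
     // Fail closed: openssl_random_pseudo_bytes() can return false or report a
     // non-cryptographic source through its second argument, and a predictable
     // ticket would be a guessable credential.
     $cryptoStrong = false;
     $rawTicket = openssl_random_pseudo_bytes(32, $cryptoStrong);
     if ($rawTicket === false || $cryptoStrong !== true) {
         throw new \RuntimeException('Unable to generate a secure auth ticket.');
     }
     $authTicket = bin2hex($rawTicket);

     $atc = new AuthTicketController();
     $atm = new AuthTicketModel();
     $atm->setAuthTicket($authTicket);
     $atc->add($atm);

     // The ticket is a bearer credential, so the log gets only a truncated
     // SHA-256 fingerprint: enough to correlate entries, useless for replay.
     $userId = self::$_userId;
     $now = date("Y-m-d H:i:s");
     $ticketFingerprint = substr(hash('sha256', $authTicket), 0, 12);
     $out = "{$now}: Login detected for {$userId} (ticket fingerprint {$ticketFingerprint})." . PHP_EOL;
     // NOTE(review): "login.log" is resolved against the working directory;
     // confirm it is not inside the web root and is not world-readable.
     file_put_contents("login.log", $out, FILE_APPEND | LOCK_EX);

     // Issue a new session ID at the privilege change so a session ID known
     // before login cannot be reused afterwards (session fixation).
     session_regenerate_id(true);
     self::$_authTicket = $authTicket;
     $_SESSION['auth_ticket'] = self::$_authTicket;
 }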