public function getCurrentUser()
{
global $page_uid, $page_user, $login_uid, $login_name, $login_user;
require_once "api/User/User.php";
session_start();
PA::$login_uid = NULL;
PA::$login_user = NULL;
$login_uid = NULL;
$login_name = NULL;
$login_user = NULL;
$this->CurrUser = isset($_SESSION['user']) ? $_SESSION['user'] : null;
// Check if an authToken variable in GET and use it if available
$authToken = isset($_GET['authToken']) ? $_GET['authToken'] : null;
if ($authToken) {
try {
$user = new User();
$user = $this->getUserFromAuthToken($authToken);
if ($user && $user->user_id) {
// User is valid so log_in the user
// Since we know that AuthToken was passed into the URL, we can assume this
// user was redirected here from a partner web site. We need to log in the user
// as if they logged in through the normal PeopleAggregator login form:
// (ie. set all session variables just as if dologin.php was called).
$referer = "external site";
if (isset($_SERVER['HTTP_REFERER'])) {
$referer = $_SERVER['HTTP_REFERER'];
}
$pal = new PA_Login();
$pal->log_in($user->user_id, false, $referer);
// Set authToken as a session variable so that it can be accessed anywhere
$_SESSION['authToken'] = $authToken;
}
} catch (Exception $e) {
if (!in_array($e->getCode(), array(USER_NOT_FOUND, USER_ALREADY_DELETED, USER_TOKEN_INVALID, USER_TOKEN_EXPIRED))) {
throw $e;
}
// The currently logged-in user has been deleted; invalidate the session.
session_destroy();
session_start();
$login_uid = PA::$login_uid = $login_name = $login_user = PA::$login_user = NULL;
}
}
if ($this->CurrUser) {
try {
$user = new User();
$user->load((int) $this->CurrUser['id'], "user_id", TRUE);
} catch (Exception $e) {
if (!in_array($e->getCode(), array(USER_NOT_FOUND, USER_ALREADY_DELETED))) {
throw $e;
}
// The currently logged-in user has been deleted; invalidate the session.
session_destroy();
session_start();
$login_uid = PA::$login_uid = $login_name = $login_user = PA::$login_user = NULL;
}
}
if (isset($user) && $user) {
// if the user variable is set
if ($user->user_id) {
$login_name = $this->CurrUser['name'];
PA::$login_user = $login_user = $user;
PA::$login_uid = $login_uid = $user->user_id;
}
if (PA::$login_uid) {
PA::$login_user->update_user_time_spent();
User::track_status(PA::$login_uid);
}
}
// If a user is specified on the query string as an ID (uid=123) or
// login name (login=phil), validate the id/name and load the user
// object.
if (!empty($_GET['uid'])) {
$page_uid = PA::$page_uid = (int) $_GET['uid'];
$page_user = PA::$page_user = new User();
PA::$page_user->load(PA::$page_uid);
} else {
if (!empty($_GET['login'])) {
$page_user = PA::$page_user = new User();
if (is_numeric($_GET['login'])) {
PA::$page_user->load((int) $_GET['login']);
} else {
PA::$page_user->load($_GET['login']);
}
$page_uid = PA::$page_uid = PA::$page_user->user_id;
} else {
$page_uid = PA::$page_uid = $page_user = PA::$page_user = NULL;
}
}
// Copy PA::$page_* into PA::$* if present, otherwise use PA::$login_*.
if (PA::$page_uid) {
$uid = PA::$uid = PA::$page_uid;
$user = PA::$user = PA::$page_user;
} else {
$uid = PA::$uid = PA::$login_uid;
$user = PA::$user = PA::$login_user;
}
session_commit();
}
// login name (login=phil), validate the id/name and load the user
// object.
if (!empty($_GET['uid'])) {
$page_uid = PA::$page_uid = (int) $_GET['uid'];
$page_user = PA::$page_user = new User();
PA::$page_user->load(PA::$page_uid);
} elseif (!empty($_GET['login'])) {
$page_user = PA::$page_user = new User();
if (is_numeric($_GET['login'])) {
PA::$page_user->load((int) $_GET['login']);
} else {
PA::$page_user->load($_GET['login']);
}
$page_uid = PA::$page_uid = PA::$page_user->user_id;
} else {
$page_uid = PA::$page_uid = $page_user = PA::$page_user = NULL;
}
// Copy PA::$page_* into PA::$* if present, otherwise use PA::$login_*.
if (PA::$page_uid) {
$uid = PA::$uid = PA::$page_uid;
$user = PA::$user = PA::$page_user;
} else {
$uid = PA::$uid = PA::$login_uid;
$user = PA::$user = PA::$login_user;
}
// return the User object for the logged-in user.
// DEPRECATED: just use PA::$login_user now!
function get_login_user()
{
return PA::$login_user;
}