*
* We try to check if any output has been submitted, and if so, we refuse
* to continue to prevent all sorts of confusing bug reports
*/
if (headers_sent() || (int) ob_get_length() > 0) {
throw new OwnsettingsCreatedOutputException();
}
# if
# helper functions for passed variables
$req = new SpotReq();
$req->initialize($settings);
$page = $req->getDef('page', 'index');
# Retrieve the users object of the user which is logged on
SpotTiming::start('auth');
$spotUserSystem = new SpotUserSystem($db, $settings);
if ($req->doesExist('apikey')) {
$currentSession = $spotUserSystem->verifyApi($req->getDef('apikey', ''));
} else {
$currentSession = $spotUserSystem->useOrStartSession(false);
}
# if
/*
* If three is no user object, we don't have a security system
* either. Without a security system we cannot boot, so fatal
*/
if ($currentSession === false) {
if ($req->doesExist('apikey')) {
$currentSession = $spotUserSystem->useOrStartSession(true);
throw new PermissionDeniedException(SpotSecurity::spotsec_consume_api, 'invalid API key');
} else {
throw new SqlErrorException("Unable to create session");
