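/**
 * Check user authorisation.
 *
 * A caller is authorised when the PHP session already carries a user id and
 * login, or when the remember-me cookies ("u" = user id, "s" = md5 of the
 * session id) match a stored Session for that user and User-Agent. On a
 * successful cookie login the session variables are populated and both
 * cookies are refreshed for another 14 days. A cookie pair that names an
 * existing Session but carries a wrong digest causes that Session to be
 * deleted, so a tampered cookie cannot be retried indefinitely.
 *
 * @return bool
 */
public static function checkAuthorization()
{
    // Fast path: already authenticated in this PHP session.
    if (isset($_SESSION['user'], $_SESSION['login'])) {
        return true;
    }

    if (!isset($_COOKIE['u'], $_COOKIE['s'])) {
        return false;
    }

    // The User-Agent header is optional; a missing header must not raise a
    // notice, it simply fails to match any stored session.
    $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $session = Session::find_by_user_and_agent($_COOKIE['u'], $userAgent);
    if (!$session) {
        return false;
    }

    // Strict, constant-time comparison. The original `==` was subject to
    // PHP's loose string/number juggling (e.g. two "0e..." digests compare
    // equal) and leaked timing information about the expected digest.
    // NOTE(review): the "s" token is an unsalted md5 of the session id; if
    // session ids are sequential or small the token is guessable. A random
    // per-session token stored alongside the Session would be stronger.
    if (!hash_equals(md5($session->id), (string) $_COOKIE['s'])) {
        // Cookie names a real session but the digest is wrong: revoke it.
        $session->delete();
        return false;
    }

    $user = User::find_by_id($_COOKIE['u']);
    if (!$user) {
        return false;
    }

    $expires = time() + 3600 * 24 * 14;
    $_SESSION['session'] = $session->id;
    $_SESSION['user'] = $user->id;
    $_SESSION['login'] = $user->login;
    // NOTE(review): cookies are issued without the HttpOnly/Secure flags; the
    // original call shape is kept here so the cookie path/domain do not change.
    setcookie("u", $user->id, $expires);
    setcookie("s", md5($session->id), $expires);

    return true;
}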
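/**
 * Get current application user.
 *
 * The lookup only happens after checkAuthorization() has confirmed the
 * session (or rebuilt it from the remember-me cookies), so $_SESSION['user']
 * is set by the time it is read here.
 *
 * @return User|null the authenticated user (whatever User::find_by_id yields
 *                   for the stored id), or null when nobody is logged in
 */
public static function currentUser()
{
    if (!Common::checkAuthorization()) {
        return null;
    }

    return User::find_by_id($_SESSION['user']);
}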
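/**
 * DELETE method: Delete user.
 *
 * Expects a URL with exactly two elements (<resource>/<id>). Only
 * administrators may delete users; the authorisation check runs before any
 * database lookup so an unauthorised caller cannot probe which ids exist.
 *
 * @param Request $request request whose url_elements[1] is the user id
 * @throws Exception code 403 when the caller is not an admin,
 *                   code 404 when no user has the given id,
 *                   code 500 for any other URL shape
 * @return mixed the deleted user decoded from its JSON form, password omitted
 */
public function delete($request)
{
    if (count($request->url_elements) !== 2) {
        throw new Exception("Unknown request.", 500);
    }

    // Authorise before touching the database. (Message fixed: this is the
    // delete handler, the original text said "update".)
    if (!Application::isAdmin()) {
        throw new Exception("You don't have required permissions to delete this user.", 403);
    }

    $user = User::find_by_id($request->url_elements[1]);
    if (!$user) {
        throw new Exception("User not found.", 404);
    }

    $user->delete();

    // Never echo the password hash back, even to an admin.
    return json_decode($user->to_json(array('except' => 'password')));
}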