* * We try to check if any output has been submitted, and if so, we refuse * to continue to prevent all sorts of confusing bug reports */ if (headers_sent() || (int) ob_get_length() > 0) { throw new OwnsettingsCreatedOutputException(); } # if # helper functions for passed variables $req = new SpotReq(); $req->initialize($settings); $page = $req->getDef('page', 'index'); # Retrieve the users object of the user which is logged on SpotTiming::start('auth'); $spotUserSystem = new SpotUserSystem($db, $settings); if ($req->doesExist('apikey')) { $currentSession = $spotUserSystem->verifyApi($req->getDef('apikey', '')); } else { $currentSession = $spotUserSystem->useOrStartSession(false); } # if /* * If three is no user object, we don't have a security system * either. Without a security system we cannot boot, so fatal */ if ($currentSession === false) { if ($req->doesExist('apikey')) { $currentSession = $spotUserSystem->useOrStartSession(true); throw new PermissionDeniedException(SpotSecurity::spotsec_consume_api, 'invalid API key'); } else { throw new SqlErrorException("Unable to create session");