/** * Checks if the authorization tokens (username & API secret) are valid or not, and allow the request if they are. * If there are no authorization tokens, the request could be allowed if a valid session is found. */ public function control() { $owner = $this->isAPICallValid(); if ($owner) { Session::completeLogin($owner); return $this->authControl(); } $as = $this->getAPISecretFromRequest(); if (empty($as) && $this->isLoggedIn()) { return $this->authControl(); } // Assume if no API key is set, that it's a regular HTML page request if (empty($as)) { parent::control(); } else { $this->setContentType("text/plain; charset=UTF-8"); throw new UnauthorizedUserException("Unauthorized API call"); } }