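/**
 * Checks if the proper credential has been supplied to access the current post.
 *
 * The credential is the 'sharedraft' request variable. When a post is given it
 * is compared against that post's secret key with hash_equals(), so the
 * comparison itself leaks no timing information about the key.
 *
 * @param mixed   $post The post to check, or null to only check that a key was supplied
 * @param boolean $deny When true the caller has already decided to refuse access; always returns false
 * @return boolean true if the supplied key matches the post's key (or no post was given), false otherwise
 */
private function is_authorized($post = null, $deny = false)
{
    $auth = Controller::get_var('sharedraft');

    // no key supplied at all: nothing to compare, deny outright
    if ($auth === null || $auth === '') {
        return false;
    }

    // cached ACL results must not be reused for a key-based request
    ACL::clear_caches();

    // the caller has already decided to refuse; the key is irrelevant
    if ($deny) {
        return false;
    }

    // without a post there is nothing to compare the key against yet
    if ($post === null) {
        return true;
    }

    // constant-time comparison; both operands are cast because hash_equals()
    // requires strings and get_var() may return a non-string
    return hash_equals((string) $this->get_secret_key($post), (string) $auth);
}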
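/**
 * Delete the user id from the session, logging the user out.
 *
 * If the session holds a 'sudo' token (this user is acting as another user),
 * only that token is removed and the request is redirected to the admin URL;
 * the real user stays logged in.
 *
 * Otherwise the ACL caches are cleared, the 'user_forget' plugin hook fires,
 * the user id is removed from the session store and from $_SESSION, and the
 * request is redirected to Site::get_url('habari').
 */
public function forget()
{
    // is this user acting as another user?
    if (isset($_SESSION['sudo'])) {
        // drop the sudo token but keep the real user logged in
        unset($_SESSION['sudo']);
        Utils::redirect(Site::get_url('admin'));
        // stop here even if redirect() returns, or the real user would be logged out below
        return;
    }

    ACL::clear_caches();
    Plugins::act('user_forget', $this);
    Session::clear_userid($_SESSION['user_id']);
    unset($_SESSION['user_id']);
    Utils::redirect(Site::get_url('habari'));
}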
/**
 * Remove a permission token from the user permissions table.
 *
 * The ACL caches are cleared afterwards so the revocation takes effect
 * immediately rather than after the cache expires.
 *
 * @param integer $user_id  The user ID
 * @param mixed   $token_id The name or ID of the permission token
 * @return mixed The result of the DB::delete() call
 */
public static function revoke_user_token($user_id, $token_id)
{
    // token_id() accepts either a token name or a numeric id
    $criteria = array(
        'user_id' => $user_id,
        'token_id' => self::token_id($token_id),
    );
    $deleted = DB::delete('{user_token_permissions}', $criteria);
    ACL::clear_caches();

    return $deleted;
}
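/**
 * Delete the user id from the session, logging the user out.
 *
 * Does nothing when the user is not logged in. If the session holds a 'sudo'
 * token (this user is acting as another user), only that token is removed and
 * the real user stays logged in. Otherwise the ACL caches are cleared, the
 * 'user_forget' plugin hook fires, the user id is removed from the session
 * store and the whole session is destroyed.
 *
 * @param boolean $redirect Redirect the user after the sudo token or session is removed?
 */
public function forget($redirect = true)
{
    // nothing to forget; also avoids reading an absent $_SESSION['user_id'] below
    if (!$this->loggedin) {
        return;
    }

    // is this user acting as another user?
    if (isset($_SESSION['sudo'])) {
        // drop the sudo token but keep the real user logged in
        unset($_SESSION['sudo']);
        if ($redirect) {
            Utils::redirect(Site::get_url('admin'));
        }
        // stop here in both cases: if redirect() returned, the real user would be logged out below
        return;
    }

    ACL::clear_caches();
    Plugins::act('user_forget', $this);
    Session::clear_userid($_SESSION['user_id']);
    // then destroy the entire session
    Session::destroy();

    if ($redirect) {
        Utils::redirect(Site::get_url('site'));
    }
}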