/** * Use with caution! This bypasses authentication. * This functionality should not be exposed externally. * @param Users_User $user * The user object */ static function setLoggedInUser($user) { if (isset($_SESSION['users']['user']->id)) { if ($user->id == $_SESSION['users']['user']->id) { // This user is already the logged-in user. return; } } // Change the session id to prevent session fixation attacks Pie_Session::regenerate_id(); // Store the new information in the session $snf = Pie_Config::get('pie', 'session', 'nonceField', 'nonce'); $_SESSION['users']['user'] = $user; $_SESSION['pie'][$snf] = uniqid(); Pie::event('users/setLoggedInUser', compact('user'), 'after'); }