$bootstrap = new Bootstrap(); list($settings, $daoFactory, $req) = $bootstrap->boot(); /* * Enable debug logging mechanism if timing is enabled */ if ($settings->get('enable_timing')) { SpotDebug::enable(SpotDebug::TRACE, $daoFactory->getDebugLogDao()); } # if # helper functions for passed variables $page = $req->getDef('page', 'index'); # Retrieve the users object of the user which is logged on SpotTiming::start('auth'); $svcUserAuth = new Services_User_Authentication($daoFactory, $settings); if ($req->doesExist('apikey')) { $currentSession = $svcUserAuth->verifyApi($req->getDef('apikey', '')); } else { $currentSession = $svcUserAuth->useOrStartSession(false); } # if /* * If three is no user object, we don't have a security system * either. Without a security system we cannot boot, so fatal */ if ($currentSession === false) { if ($req->doesExist('apikey')) { $currentSession = $svcUserAuth->useOrStartSession(true); throw new PermissionDeniedException(SpotSecurity::spotsec_consume_api, 'invalid API key'); } else { throw new SqlErrorException("Unable to create session"); }
} # if /* * When retrieval is run from the webinterface, we want to make * sure this user is actually allowed to run retrieval. */ $svcUserRecord = new Services_User_Record($daoFactory, $settings); $svcUserAuth = new Services_User_Authentication($daoFactory, $settings); if (!SpotCommandline::isCommandline()) { /* * An API key is required, so request it and try to * create a session with it which we can use to validate * the user with */ $apiKey = $req->getDef('apikey', ''); $userSession = $svcUserAuth->verifyApi($apiKey); /* * If the session failed or the the user doesn't have access * to retrieve spots, let the user know */ if ($userSession == false || !$userSession['security']->allowed(SpotSecurity::spotsec_retrieve_spots, '')) { throw new PermissionDeniedException(SpotSecurity::spotsec_retrieve_spots, ''); } # if # Add the user's ip addres, we need it for sending notifications $userSession['session'] = array('ipaddr' => ''); } else { $userSession['user'] = $svcUserRecord->getUser(SPOTWEB_ADMIN_USERID); $userSession['security'] = new SpotSecurity($daoFactory->getUserDao(), $daoFactory->getAuditDao(), $settings, $userSession['user'], ''); $userSession['session'] = array('ipaddr' => ''); }