}
# if
SpotTiming::stop('auth');
/*
* And check if the security groups need updating
*/
if (!$currentSession['security']->securityValid()) {
throw new SecurityNotUpgradedException();
}
# if
# User session has been loaded, let's translate the categories
if ($currentSession['user']['prefs']['user_language'] != 'en_US') {
SpotTranslation::initialize($currentSession['user']['prefs']['user_language']);
}
# if
SpotCategories::startTranslation();
/*
* Let the form handler know what userid we are using so
* we can make the CSRF cookie be user-bounded
*/
$req->setUserId($currentSession['user']['userid']);
/*
* Only now it is safe to check wether the user is actually alowed
* to authenticate with an API key
*/
if ($req->doesExist('apikey')) {
/*
* To use the Spotweb API we need the actual permission
*/
$currentSession['security']->fatalPermCheck(SpotSecurity::spotsec_consume_api, '');
/*
