$settings = SpotSettings::singleton($db, $settings);
# Controleer eerst of de settings versie nog wel geldig zijn
if (!$settings->settingsValid()) {
die("Globale settings zijn gewijzigd, draai upgrade-db.php aub" . PHP_EOL);
}
# if
$req = new SpotReq();
$req->initialize($settings);
# We willen alleen uitgevoerd worden door een user die dat mag als
# we via de browser aangeroepen worden. Via console halen we altijd
# het admin-account op
$spotUserSystem = new SpotUserSystem($db, $settings);
if (isset($_SERVER['SERVER_PROTOCOL'])) {
# Vraag de API key op die de gebruiker opgegeven heeft
$apiKey = $req->getDef('apikey', '');
$userSession = $spotUserSystem->verifyApi($apiKey);
if ($userSession == false || !$userSession['security']->allowed(SpotSecurity::spotsec_retrieve_spots, '')) {
die("Access denied");
}
# if
} else {
$userSession['user'] = $db->getUser(SPOTWEB_ADMIN_USERID);
$userSession['security'] = new SpotSecurity($db, $settings, $userSession['user']);
}
# if
if ($req->getDef('output', '') == 'xml') {
echo "<xml>";
}
# if
# We vragen de nntp_hdr settings alvast op
$settings_nntp_hdr = $settings->get('nntp_hdr');
* We try to check if any output has been submitted, and if so, we refuse
* to continue to prevent all sorts of confusing bug reports
*/
if (headers_sent() || (int) ob_get_length() > 0) {
throw new OwnsettingsCreatedOutputException();
}
# if
# helper functions for passed variables
$req = new SpotReq();
$req->initialize($settings);
$page = $req->getDef('page', 'index');
# Retrieve the users object of the user which is logged on
SpotTiming::start('auth');
$spotUserSystem = new SpotUserSystem($db, $settings);
if ($req->doesExist('apikey')) {
$currentSession = $spotUserSystem->verifyApi($req->getDef('apikey', ''));
} else {
$currentSession = $spotUserSystem->useOrStartSession(false);
}
# if
/*
* If three is no user object, we don't have a security system
* either. Without a security system we cannot boot, so fatal
*/
if ($currentSession === false) {
if ($req->doesExist('apikey')) {
$currentSession = $spotUserSystem->useOrStartSession(true);
throw new PermissionDeniedException(SpotSecurity::spotsec_consume_api, 'invalid API key');
} else {
throw new SqlErrorException("Unable to create session");
}
