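/**
 * Perform user authorisation.
 *
 * Looks the user up by login and the value returned by Common::getPasswordHash().
 * On a match it renews the PHP session id, fills $_SESSION, finds or creates the
 * Session record for this user and User-Agent, and sets the "u" and "s" cookies
 * with a 14-day lifetime.
 *
 * @param string $login
 * @param string $password
 * @return bool true when the credentials matched a user, false otherwise
 */
public static function doAuthorisation($login = '', $password = '')
{
    // NOTE(review): the credential check is an equality lookup on a deterministic hash.
    // Common::getPasswordHash() is not visible here; if it is a fast digest, plan a
    // migration to password_hash()/password_verify().
    $user = User::find_by_login_and_password($login, Common::getPasswordHash($password, $login));
    if (!$user) {
        return false;
    }

    // Renew the session id at the moment of login so that an id issued before
    // authentication cannot be carried over into the authenticated session
    // (session fixation). Skipped when no PHP session has been started.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }

    $_SESSION['user'] = $user->id;
    $_SESSION['login'] = $user->login;

    // The User-Agent header is client-supplied and may be missing entirely;
    // fall back to an empty string instead of reading an undefined index.
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    $session = Session::find_by_user_and_agent($user->id, $agent);
    if (!$session) {
        $session = Session::create(array('user' => $user->id, 'agent' => $agent));
    }
    // save() is called for an existing record as well, as in the original code.
    $session->save();
    $_SESSION['session'] = $session->id;

    // 14 days.
    $expires = time() + 3600 * 24 * 14;

    // NOTE(review): both cookies are sent without the Secure and HttpOnly flags and with
    // the default path. Confirm no client-side script reads them, then pass the flags.
    // NOTE(review): "s" is md5() of the Session record id, not a random secret. If
    // Common::checkAuthorization() accepts it as a credential (not visible here), replace
    // it with a random token stored server-side and compared with hash_equals().
    setcookie("u", $user->id, $expires);
    setcookie("s", md5($session->id), $expires);

    return true;
}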
/**
 * DELETE method: close the current session.
 *
 * Accepts only requests whose URL has exactly one element. For an authorised caller
 * it deletes the Session record referenced by $_SESSION['session'], destroys the PHP
 * session and expires the "u" and "s" cookies.
 *
 * @param Request $request
 * @throws Exception code 500 for any other URL shape, 403 when Common::checkAuthorization()
 *                   fails, 404 when the session record is not found
 * @return mixed the deleted session record, decoded from its JSON form
 */
public function delete($request)
{
    if (count($request->url_elements) != 1) {
        throw new Exception("Unknown request.", 500);
    }

    if (!Common::checkAuthorization()) {
        throw new Exception("Authorisation required.", 403);
    }

    $current = Session::find_by_id($_SESSION['session']);
    if (!$current) {
        throw new Exception("Session not found.", 404);
    }

    // Remove the server-side record first, then tear down the PHP session.
    $current->delete();
    // NOTE(review): session_destroy() leaves the $_SESSION array and the session-id
    // cookie in place for the rest of this request; confirm nothing reads them afterwards.
    session_destroy();

    // Expire both login cookies by setting an expiry in the past.
    foreach (array("u", "s") as $cookieName) {
        setcookie($cookieName, '', time() - 3600);
    }

    return json_decode($current->to_json());
}