/**
 * Log the current user out by removing the authentication-related
 * keys from the session.
 *
 * Only the four keys listed below are cleared; other session data and
 * the session identifier itself are not touched by this method.
 *
 * NOTE(review): nothing here destroys the session or rotates its id.
 * If the Session wrapper does not do that elsewhere, the same session
 * id stays valid after logout -- confirm against the Session class.
 */
public function logout()
{
    $authKeys = array("user_id", "user_permission", "username", "name");

    foreach ($authKeys as $key) {
        Session::clear($key);
    }
}
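/**
 * Build the controller only when the current visitor may call $method.
 *
 * The decision is delegated to Permissions::checkUserPermissions().
 * When it denies the request, execution always stops here:
 *  - a visitor with a truthy "user_id" in the session gets the
 *    "You have no access." message;
 *  - any other visitor is redirected to /user.
 *
 * @param mixed $method    Requested method, passed to the permission
 *                         check and to the parent constructor.
 * @param mixed $arguments Optional arguments, passed along unchanged.
 */
public function __construct($method, $arguments = NULL)
{
    if (Permissions::checkUserPermissions(__CLASS__, $method, $arguments)) {
        parent::__construct($method, $arguments);
        return;
    }

    if (Session::get("user_id")) {
        die("You have no access.");
    }

    header("Location: /user");
    // header() only queues the redirect. Without stopping here the
    // constructor would return normally and whatever instantiated the
    // controller could carry on handling the denied request.
    exit;
}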
/**
 * Decide whether the current visitor may access a controller method.
 *
 * The controller name has every "Controller" substring removed before
 * it is handed to the Permissions object together with the method and
 * arguments.
 *
 * @param string $controller Controller class name.
 * @param mixed  $method     Requested method.
 * @param mixed  $arguments  Optional arguments, passed along unchanged.
 *
 * @return bool TRUE when access is allowed, FALSE otherwise.
 */
public static function checkUserPermissions($controller, $method, $arguments = NULL)
{
    $nodeName = str_replace('Controller', '', $controller);
    $checker = new Permissions($nodeName, $method, $arguments);

    // Permission level required by the requested page.
    $required = $checker->getNodePermissions();

    // A page without a permission entry is open to every visitor.
    // NOTE(review): "== 0" is a loose comparison, so NULL (and, before
    // PHP 8, non-numeric strings) also lands here and makes the page
    // public. Confirm what getNodePermissions() can return on a failed
    // or empty lookup.
    if ($required === FALSE || $required == 0) {
        return TRUE;
    }

    // Anything else needs a logged-in user.
    // NOTE(review): only NULL counts as "not logged in"; if
    // Session::get() can yield FALSE or '' for a missing key, the
    // lookup below runs with that value -- verify.
    $uid = Session::get("user_id");
    if ($uid === NULL) {
        return FALSE;
    }

    // The user's level must not be lower than the required level.
    $granted = $checker->getUserPermissions($uid);

    return !($granted === FALSE || $granted < $required);
}
/**
 * Fetch every user (author) from the database and report which user
 * id is stored in the current session.
 *
 * The query is a fixed string with no caller-supplied parts.
 *
 * NOTE(review): the result holds the id and full name of every row in
 * Users. Nothing in this method restricts who may call it, so any
 * access control has to come from the caller -- confirm.
 *
 * @return array "current" => session "user_id", "list" => rows from read()
 */
public function getUsers()
{
    $authors = $this->read(
        "SELECT id, CONCAT_WS(' ', firstname, lastname) AS author FROM Users"
    );

    return array(
        "current" => Session::get("user_id"),
        "list" => $authors,
    );
}