/**
 * Renders the OAuth consent page for a token and, once the user has decided,
 * either binds the token to the user (grant) or sends the user away (cancel).
 *
 * Reads from the query string:
 *  - returnurl : destination after a successful grant (falls back to the invalidReturn page)
 *  - cancelurl : destination on refusal (falls back to returnurl)
 *  - grant     : 1 = grant, any other value = refuse, absent = just show the form
 *
 * NOTE(review): returnurl/cancelurl are taken from the request as-is and used
 * as redirect targets, and the grant is performed from a plain GET link built
 * for the view. Confirm whether the token carries a registered return URL the
 * targets should be checked against — TODO verify in the token model.
 *
 * @param string $tokenid identifier of the token being authorised
 * @throws PublicException (404) when no token matches $tokenid
 */
public function oauth($tokenid)
{
    $returnTo = isset($_GET['returnurl']) ? $_GET['returnurl'] : new URL('auth', 'invalidReturn');
    $cancelTo = isset($_GET['cancelurl']) ? $_GET['cancelurl'] : $returnTo;

    // null while the user has not decided yet; true only for grant=1
    $decision = isset($_GET['grant']) ? (int) $_GET['grant'] === 1 : null;

    $currentSession = Session::getInstance();
    $token = db()->table('token')->get('token', $tokenid)->fetch();

    // Nothing to authorise without a matching token
    if (!$token) {
        throw new PublicException('No token', 404);
    }

    $this->view->set('token', $token);
    $this->view->set('cancelURL', $cancelTo);
    $this->view->set(
        'continue',
        (string) new URL('auth', 'oauth', $tokenid, array_merge($_GET->getRaw(), ['grant' => 1]))
    );

    // Only an authenticated user may grant; send anonymous visitors to login and back here
    if (!$currentSession->getUser()) {
        $loginURL = new URL('user', 'login', ['returnto' => (string) URL::current()]);
        return $this->response->getHeaders()->redirect($loginURL);
    }

    if ($decision === false) {
        return $this->response->getHeaders()->redirect($cancelTo);
    }

    if ($decision === true) {
        // Bind the token to the principal resolved by _onload and persist it
        $token->user = $this->user;
        $token->store();
        return $this->response->getHeaders()->redirect($returnTo);
    }

    // No decision yet: fall through and let the consent view render
}
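/**
 * Runs before every action: resolves the current principal (session user or
 * API token) and exposes it, together with an admin flag, to controllers and views.
 *
 * Sets $this->user, $this->token and $this->isAdmin, plus the view variables
 * 'authUser' and 'userIsAdmin'. When there is neither a session user nor a
 * ?token= query parameter, nothing is set and the request stays anonymous.
 *
 * Admin status is resolved fail-closed: a token that has not been granted yet
 * carries no user, so no group lookup is attempted and isAdmin stays false;
 * a PrivateException while reading the admin group setting also yields false.
 *
 * NOTE(review): the token is accepted from the query string — confirm this is
 * intended, since URLs tend to end up in server logs and referers.
 */
public function _onload()
{
    $session = Session::getInstance();
    $sessionUserId = $session->getUser();

    $token = isset($_GET['token'])
        ? db()->table('token')->get('token', $_GET['token'])->fetch()
        : null;

    // Neither a session nor a token: skip all further processing
    if (!$sessionUserId && !$token) {
        return;
    }

    // A session user takes precedence; otherwise the principal is whoever the token was granted to
    $user = $sessionUserId
        ? db()->table('user')->get('_id', $sessionUserId)->fetch()
        : $token->user;

    $this->user = $user;
    $this->token = $token;

    $isAdmin = false;
    // Guard: an ungranted token (or an unknown session id) yields no user, and the
    // admin-group query must not run with a null user restriction
    if ($user) {
        try {
            $adminGroupId = SysSettingModel::getValue('admin.group');
            $membership = db()->table('user\\group')
                ->get('group__id', $adminGroupId)
                ->addRestriction('user', $user)
                ->fetch();
            $isAdmin = (bool) $membership;
        } catch (PrivateException $e) {
            // Setting missing or unreadable: treat as not an administrator
            $isAdmin = false;
        }
    }

    $this->isAdmin = $isAdmin;
    $this->view->set('authUser', $this->user);
    $this->view->set('userIsAdmin', $isAdmin);
}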
/**
 * Ends the current session and sends the visitor to the site root.
 *
 * Returns the result of the response header redirect call.
 */
public function logout()
{
    $currentSession = Session::getInstance();
    $currentSession->destroy();

    $home = new URL();
    return $this->response->getHeaders()->redirect($home);
}