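/**
 * Used by subclasses to validate access keys when they are allowed.
 *
 * When $newKey is supplied, any logged-in user is logged out, the key is
 * hashed and the hash is stored in the session. Otherwise the hash already
 * stored in the session (if any) is used. The hash is then checked with
 * AccessKeyManager::validateKey() in the 'ReviewerContext' context.
 *
 * Callers should treat every falsy return value as "access denied" and
 * compare loosely: the "keys disabled / no press" path returns false, not NULL.
 *
 * @param $userId int The user this key refers to
 * @param $reviewId int The ID of the review this key refers to
 * @param $newKey string The new key name, if one was supplied; otherwise, the existing one (if it exists) is used
 * @return object Valid user object if the key was valid; false when there is no press or reviewer access keys are disabled; otherwise the falsy result of validateKey() (NULL according to the inline comment below).
 */
function &validateAccessKey($userId, $reviewId, $newKey = null)
{
    // Fail closed when there is no press context or the feature is switched off.
    // The function returns by reference, so a variable (not a literal) is returned.
    $press =& Request::getPress();
    if (!$press || !$press->getSetting('reviewerAccessKeysEnabled')) {
        $accessKey = false;
        return $accessKey;
    }

    // Guarded: an unconditional define() raises a "constant already defined"
    // diagnostic when this function runs more than once in the same request.
    if (!defined('REVIEWER_ACCESS_KEY_SESSION_VAR')) {
        define('REVIEWER_ACCESS_KEY_SESSION_VAR', 'ReviewerAccessKey');
    }

    import('lib.pkp.classes.security.AccessKeyManager');
    $accessKeyManager = new AccessKeyManager();
    $session =& Request::getSession();

    // Check to see if a new access key is being used.
    // Note: empty() also treats the string '0' as "no key supplied".
    if (!empty($newKey)) {
        // NOTE(review): the logout and the session write below both happen
        // before the key is validated, so a key that later fails validation
        // still ends the current login and replaces any stored hash. Access
        // is still denied in that case; confirm this ordering is intended.
        // NOTE(review): confirm that Validation::logout() rotates the session
        // identifier before the key hash is bound to the session.
        if (Validation::isLoggedIn()) {
            Validation::logout();
        }
        // Only the hash of the key is kept in the session, never the key itself.
        $keyHash = $accessKeyManager->generateKeyHash($newKey);
        $session->setSessionVar(REVIEWER_ACCESS_KEY_SESSION_VAR, $keyHash);
    } else {
        $keyHash = $session->getSessionVar(REVIEWER_ACCESS_KEY_SESSION_VAR);
    }

    // Now that we've gotten the key hash (if one exists), validate it.
    // The user id and review id are passed along with the hash.
    $accessKey =& $accessKeyManager->validateKey('ReviewerContext', $userId, $keyHash, $reviewId);
    if ($accessKey) {
        // The user is loaded from the id recorded on the access key itself.
        // NOTE(review): the second argument (false) presumably excludes
        // disabled accounts; verify against UserDAO::getUser(). If no user
        // is found the result may itself be falsy.
        $userDao =& DAORegistry::getDAO('UserDAO');
        $user =& $userDao->getUser($accessKey->getUserId(), false);
        return $user;
    }

    // No valid access key -- return NULL.
    return $accessKey;
}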