|
public static identify ( ) : |
||
| return | user object, or false if no valid cookie exists | |
public static function identify()
{
$out = false;
// Let plugins set the user
if ($out = Plugins::filter('user_identify', $out)) {
self::$identity = $out;
}
// If we have a user_id for this user in their session, use it to get the user object
if (isset($_SESSION['user_id'])) {
// If the user is already cached in this static class, use it
if (isset(self::$identity)) {
$out = self::$identity;
} else {
if ($user = self::get_by_id(intval($_SESSION['user_id']))) {
// Cache the user in the static variable
self::$identity = $user;
$out = $user;
}
}
}
// Is the visitor a non-anonymous user
if ($out instanceof User) {
// Is this user acting as another user?
if (isset($_SESSION['sudo'])) {
// Return the User for the sudo user id instead
$out = self::get_by_id(intval($_SESSION['sudo']));
}
} else {
$out = self::anonymous();
}
return $out;
} /**
* Check if a user is authenticated for Atom editing
*
* @todo This entire function should be put into the User class somehow.
* @todo X-WSSE
* @param bool $force Force authorization? If so, basic HTTP_AUTH is displayed if not authed
* @return User The logged-in user
*/
function is_auth($force = false)
{
if ($this->user == null || $force != false) {
if (isset($_SERVER['PHP_AUTH_USER'])) {
User::authenticate($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
}
$this->user = User::identify();
if ($force != false && !$this->user->loggedin) {
header('HTTP/1.1 401 Unauthorized', true, 401);
header('Status: 401 Unauthorized');
header('WWW-Authenticate: Basic realm="Habari"');
die;
}
}
return $this->user->loggedin;
}
