public static identify ( ) : |
||
Результат | user object, or false if no valid cookie exists |
public static function identify()
{
$out = false;
// Let plugins set the user
if ($out = Plugins::filter('user_identify', $out)) {
self::$identity = $out;
}
// If we have a user_id for this user in their session, use it to get the user object
if (isset($_SESSION['user_id'])) {
// If the user is already cached in this static class, use it
if (isset(self::$identity)) {
$out = self::$identity;
} else {
if ($user = self::get_by_id(intval($_SESSION['user_id']))) {
// Cache the user in the static variable
self::$identity = $user;
$out = $user;
}
}
}
// Is the visitor a non-anonymous user
if ($out instanceof User) {
// Is this user acting as another user?
if (isset($_SESSION['sudo'])) {
// Return the User for the sudo user id instead
$out = self::get_by_id(intval($_SESSION['sudo']));
}
} else {
$out = self::anonymous();
}
return $out;
}
/** * Check if a user is authenticated for Atom editing * * @todo This entire function should be put into the User class somehow. * @todo X-WSSE * @param bool $force Force authorization? If so, basic HTTP_AUTH is displayed if not authed * @return User The logged-in user */ function is_auth($force = false) { if ($this->user == null || $force != false) { if (isset($_SERVER['PHP_AUTH_USER'])) { User::authenticate($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); } $this->user = User::identify(); if ($force != false && !$this->user->loggedin) { header('HTTP/1.1 401 Unauthorized', true, 401); header('Status: 401 Unauthorized'); header('WWW-Authenticate: Basic realm="Habari"'); die; } } return $this->user->loggedin; }