audit log & terms

do not handle a timed out user log.
and
better check on login and termsaccepted.

app/Controller/AppController.php

@@ -65,7 +65,7 @@ class AppController extends Controller {
 
 	public function beforeFilter() {
 		// user must accept terms
-		if (($this->Auth->user() != null) && is_numeric($this->Auth->user('id')) && !$this->Auth->user('termsaccepted') && (!in_array($this->request->here, array('/users/terms', '/users/logout', '/users/login')))) {
+		if ($this->Session->check('User') && !$this->Auth->user('termsaccepted') && (!in_array($this->request->here, array('/users/terms', '/users/logout', '/users/login')))) {
 			$this->redirect(array('controller' => 'users', 'action' => 'terms'));
 		}
 

app/Controller/UsersController.php

@@ -321,7 +321,9 @@ class UsersController extends AppController {
 	}
 
 	public function logout() {
-		$this->extraLog("logout");	// TODO Audit, extraLog, check: customLog i.s.o. extraLog, $this->User->customLog('logout', $this->Auth->user('id'), array());
+		if ($this->Session->check('User')) { // TODO session, user is logged in, so ..
+			$this->extraLog("logout");	// TODO Audit, extraLog, check: customLog i.s.o. extraLog, $this->User->customLog('logout', $this->Auth->user('id'), array());
+		}
 		$this->Session->setFlash(__('Good-Bye'));
 		$this->redirect($this->Auth->logout());
 	}