2 /*--------------------------------------------------\
4 |---------------------------------------------------|
6 | http://open-accounting.sourceforge.net/ |
7 | by KylieTech Consulting |
8 | http://frontaccounting.com/ |
9 | by Joe Hunt Consulting |
10 \--------------------------------------------------*/
/**
 * Output-buffer callback; this file installs it with ob_start('output_html', 0).
 *
 * Scans the buffered page for a PHP "Fatal error" banner, because fatal errors
 * never reach the handler registered with set_error_handler(). When a banner is
 * found, the pending Ajax commands are dropped, the banner text is cut out of
 * the page, and its message is queued in $messages as an E_ERROR entry.
 *
 * NOTE(review): this listing is lossy (brace-only lines are not shown), so the
 * exact extent of the if-body is inferred from the original gutter numbers.
 *
 * @param string $text Buffered page output handed over by the output buffer.
 * @return string For Ajax requests only the formatted messages; otherwise
 *                $before_box, the formatted messages and the page text.
 */
12 function output_html($text)
14 global $before_box, $Ajax, $messages;
15 // Fatal errors are not sent to error_handler,
16 // so we must check the output
// The pattern has no "s" flag, so the second group captures only the rest of
// the line that holds the banner.
17 if ($text && preg_match('/\bFatal error(<.*?>)?:(.*)/i', $text, $m)) {
18 $Ajax->aCommands = array(); // Don't update page via ajax on errors
// preg_replace() removes every banner, while only the first one (from
// preg_match() above) is recorded below.
19 $text = preg_replace('/\bFatal error(<.*?>)?:(.*)/i','', $text);
// NOTE(review): $m[2] is raw interpreter error text, which normally includes
// a file path and line number. Whether fmt_errors() escapes it, and which
// users get to see it, is not visible here; confirm before relying on it.
20 $messages[] = array(E_ERROR, $m[2], null, null);
// In Ajax mode the page text is discarded and only the messages are returned.
23 return in_ajax() ? fmt_errors() : ($before_box.fmt_errors().$text);
// Bootstrap: resolve $path_to_root, configure session storage, then load the
// core includes.
// NOTE(review): the original gutter numbers skip, so some lines of this section
// (including the body of the first conditional) are not shown in this listing.
26 if (!isset($path_to_root))
// NOTE(review): this include already builds a file path from $path_to_root, but
// the "Restricted access" guard on that variable only appears further down.
// If the request can influence $path_to_root in any deployment, the guard has
// to run before the first include; confirm the ordering and move it up.
31 include_once($path_to_root . "/includes/current_user.inc");
34 // Make sure this directory exists and is writable!
// NOTE(review): a tmp/ directory beside this file keeps session files inside
// the application tree; confirm the web server does not serve that directory.
35 $session_save_path = dirname(__FILE__).'/tmp/';
38 $session_save_path = session_save_path();
// session.save_path may carry an "N;" prefix; keep what follows the first ';'.
// NOTE(review): with the three-part "N;MODE;/path" form the MODE field would
// remain in the result; confirm that form is not used.
39 if (strpos($session_save_path, ";") !== false)
40 $session_save_path = substr($session_save_path, strpos($session_save_path, ";") + 1);
42 if (isset($session_save_path))
44 session_save_path($session_save_path);
45 unset($session_save_path);
// Refuse to run when $path_to_root is unset or when a request parameter of that
// name is present. Only GET and POST are inspected here.
47 if (!isset($path_to_root) || isset($_GET['path_to_root']) || isset($_POST['path_to_root']))
48 die("Restricted access");
49 include_once($path_to_root . "/includes/lang/language.php");
50 include_once($path_to_root . "/config_db.php");
51 include_once($path_to_root . "/config.php");
52 include_once($path_to_root . "/includes/ajax.inc");
55 include_once($path_to_root . "/includes/main.inc");
57 //----------------------------------------------------------------------------------------
65 //----------------------------------------------------------------------------------------
// Login-failure message. The enclosing definition is not shown in this listing.
// The text speaks of the "user and password combination", so it does not tell
// the visitor which of the two values was wrong.
// NOTE(review): both bold spans end with "<b>" instead of a closing tag, and the
// <center> element is not closed within the visible lines.
69 echo "<center><br><br><font size='5' color='red'><b>" . _("Incorrect Password") . "<b></font><br><br>";
70 echo "<b>" . _("The user and password combination is not valid for the system.") . "<b><br><br>";
72 echo _("If you are not an authorized user, please contact your system administrator to obtain an account to enable you to use the system.");
73 echo "<br><a href='javascript:history.go(-1)'>" . _("Back") . "</a>";
80 //----------------------------------------------------------------------------------------
/**
 * Page-level authorization gate, called at the bottom of this file with the
 * $page_security value of the requested page.
 *
 * Two checks are made on the current-user object stored in the session:
 * check_user_access() (does the account have security settings at all) and
 * can_access_page($page_security). Each failure prints a translated message.
 *
 * NOTE(review): the lines that follow each message are not shown in this
 * listing. Confirm that both failure branches terminate the request, because
 * a denial that only prints a message would let the protected page body run.
 *
 * @param mixed $page_security Security level or area of the requested page, as
 *                             understood by can_access_page().
 */
82 function check_page_security($page_security)
// Assumes $_SESSION["wa_current_user"] is already populated; the session setup
// elsewhere in this file creates it before this function is called.
84 if (!$_SESSION["wa_current_user"]->check_user_access())
86 echo "<br><br><br><center>";
87 echo "<b>" . _("Security settings have not been defined for your user account.");
88 echo "<br>" . _("Please contact your system administrator.") . "</b>";
94 if (!$_SESSION["wa_current_user"]->can_access_page($page_security))
// page() is called first so the denial is rendered inside a page titled
// "Access denied" (presumably the normal page frame; confirm in page()).
96 page(_("Access denied"));
97 echo "<center><br><br><br><b>";
98 echo _("The security settings on your account do not permit you to access this function");
100 echo "<br><br><br><br></center>";
// Older variant kept as dead code: a JavaScript alert followed by history.go(-1).
101 //echo '<script type="text/javascript">';
102 //echo 'alert("' . _("The security settings on your account do not permit you to access this function") . '");';
103 //echo 'history.go(-1)';
111 //-----------------------------------------------------------------------------
112 // Removing magic quotes from nested arrays/variables
/**
 * Undo magic_quotes_gpc escaping on a value or a nested array of values.
 *
 * When magic quotes are active, arrays are processed element by element
 * through a recursive call and non-array values go through stripslashes().
 * The branch joining those two cases and the final return are not shown in
 * this listing.
 *
 * Security context: the result is deliberately unescaped. The caller's comment
 * at the bottom of this file says values are quoted later with db_escape()
 * before a database update, so every SQL use of these values depends on that
 * later step being applied consistently.
 *
 * NOTE(review): get_magic_quotes_gpc() was deprecated in PHP 7.4 and removed
 * in PHP 8.0, so this function fails with an undefined-function error on
 * current PHP unless the call is guarded.
 *
 * @param mixed $data Scalar or (nested) array, typically $_POST.
 * @return mixed The same structure with magic-quote slashes removed.
 */
114 function strip_quotes($data)
116 if(get_magic_quotes_gpc()) {
117 if(is_array($data)) {
// Keys are left untouched; only values are unescaped.
118 foreach($data as $k => $v) {
119 $data[$k] = strip_quotes($data[$k]);
122 return stripslashes($data);
128 //----------------------------------------------------------------------------------------
// No authenticated user in this session: start from a fresh current_user object.
129 if (!isset($_SESSION["wa_current_user"]) ||
130 (isset($_SESSION["wa_current_user"]) && !$_SESSION["wa_current_user"]->logged_in()))
133 $_SESSION["wa_current_user"] = new current_user();
// No login form was submitted (user name field absent or empty): show the login page.
136 if (!isset($_POST["user_name_entry_field"]) or $_POST["user_name_entry_field"] == "")
138 include($path_to_root . "/access/login.php");
139 $Ajax->redirect($path_to_root . "/access/login.php");
// NOTE(review): the lines after the include/redirect are not shown in this
// listing. Confirm the script stops here, so that an unauthenticated request
// never continues into the page body.
143 include_once($path_to_root . "/includes/ui/ui_msgs.inc");
144 // intercept all output to destroy it in case of ajax call
// ob_end_flush at shutdown pushes the buffer through output_html() one last time.
145 register_shutdown_function('ob_end_flush');
146 ob_start('output_html',0);
147 // collect all error msgs
148 set_error_handler('error_handler' /*, errtypes */);
// Login attempt: runs only when the login form's user name field was posted.
150 if (isset($_POST["user_name_entry_field"]))
// NOTE(review): the password is reduced to an unsalted md5() digest before
// login() sees it. MD5 is a fast hash and unsuitable for password storage;
// the usual remedy is password_hash()/password_verify() with stored hashes
// upgraded on the next successful login.
// NOTE(review): "company_login_name" and "password" are read without an
// isset() check, and as ordered in this listing the digest is taken before
// $_POST is passed through strip_quotes(), so with magic quotes enabled it
// would be computed over the slash-escaped value. Confirm.
152 $succeed = $_SESSION["wa_current_user"]->login($_POST["company_login_name"],
153 $_POST["user_name_entry_field"],
154 md5($_POST["password"]));
155 // select full vs fallback ui mode on login
// NOTE(review): ui_mode is copied from the request into the session object
// without validation and without checking that it is present; consumers
// should treat it as untrusted, or it should be restricted here to the
// expected values.
156 $_SESSION["wa_current_user"]->ui_mode = $_POST['ui_mode'];
// NOTE(review): no session_regenerate_id() call is visible around the login in
// this listing; confirm the session id is rotated after successful
// authentication to rule out session fixation.
159 // Incorrect password
164 // Run with debugging messages for the system administrator(s) but not anyone else
165 /*if (in_array(15, $security_groups[$_SESSION["AccessLevel"]])) {
171 //----------------------------------------------------------------------------------------
// Authorization gate for the requested page. $page_security is not assigned in
// the visible part of this file, so it is presumably set by the including page
// (verify against callers).
173 check_page_security($page_security);
175 // POST vars cleanup needed for direct reuse.
176 // We quote all values later with db_escape() before db update.
// NOTE(review): only $_POST is normalised; no equivalent call for $_GET,
// $_COOKIE or $_REQUEST is visible in this listing. Because the values are left
// unescaped from here on, any query built without db_escape() is exposed to
// SQL injection.
177 $_POST = strip_quotes($_POST);