projects
/
fa-stable.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Optional type parameter in get_extensions_list().
[fa-stable.git]
/
includes
/
session.inc
diff --git
a/includes/session.inc
b/includes/session.inc
index 734c17036f9d2160bf55d535380c7f01f284323f..4a6b083a8e1cae90787c14cc5aebd00a8823be73 100644
(file)
--- a/
includes/session.inc
+++ b/
includes/session.inc
@@
-51,6
+51,10
@@
function login_fail()
function check_page_security($page_security)
{
function check_page_security($page_security)
{
+ global $SysPrefs;
+
+ $msg = '';
+
if (!$_SESSION["wa_current_user"]->check_user_access())
{
// notification after upgrade from pre-2.2 version
if (!$_SESSION["wa_current_user"]->check_user_access())
{
// notification after upgrade from pre-2.2 version
@@
-58,7
+62,11
@@
function check_page_security($page_security)
_("Security settings have not been defined for your user account.")
. "<br>" . _("Please contact your system administrator.")
: _("Please remove \$security_groups and \$security_headings arrays from config.php file!");
_("Security settings have not been defined for your user account.")
. "<br>" . _("Please contact your system administrator.")
: _("Please remove \$security_groups and \$security_headings arrays from config.php file!");
-
+ } elseif (!$_SESSION['SysPrefs']->db_ok && !$_SESSION["wa_current_user"]->can_access('SA_SOFTWAREUPGRADE')) {
+ $msg = _('Access to application has been blocked until database upgrade is completed by system administrator.');
+ }
+
+ if ($msg){
display_error($msg);
end_page();
kill_login();
display_error($msg);
end_page();
kill_login();
@@
-75,6
+83,14
@@
function check_page_security($page_security)
end_page();
exit;
}
end_page();
exit;
}
+ if (!$_SESSION['SysPrefs']->db_ok
+ && !in_array($page_security, array('SA_SOFTWAREUPGRADE', 'SA_OPEN', 'SA_BACKUP')))
+ {
+ display_error(_('System is blocked after source upgrade until database is updated on System/Software Upgrade page'));
+ end_page();
+ exit;
+ }
+
}
/*
Helper function for setting page security level depeding on
}
/*
Helper function for setting page security level depeding on
@@
-147,6
+163,7
@@
include_once($path_to_root . "/includes/lang/language.php");
include_once($path_to_root . "/config_db.php");
include_once($path_to_root . "/includes/ajax.inc");
include_once($path_to_root . "/includes/ui/ui_msgs.inc");
include_once($path_to_root . "/config_db.php");
include_once($path_to_root . "/includes/ajax.inc");
include_once($path_to_root . "/includes/ui/ui_msgs.inc");
+include_once($path_to_root . "/includes/prefs/sysprefs.inc");
/*
Uncomment the setting below when using FA on shared hosting
/*
Uncomment the setting below when using FA on shared hosting
@@
-157,33
+174,38
@@
include_once($path_to_root . "/includes/ui/ui_msgs.inc");
ini_set('session.gc_maxlifetime', 36000); // 10hrs
ini_set('session.gc_maxlifetime', 36000); // 10hrs
-session_name('F
rontAccounting'
);
+session_name('F
A'.md5(dirname(__FILE__))
);
session_start();
session_start();
+
// this is to fix the "back-do-you-want-to-refresh" issue - thanx PHPFreaks
header("Cache-control: private");
// this is to fix the "back-do-you-want-to-refresh" issue - thanx PHPFreaks
header("Cache-control: private");
+include_once($path_to_root . "/config.php");
get_text_init();
// Page Initialisation
get_text_init();
// Page Initialisation
-if (!isset($_SESSION['language']))
+if (!isset($_SESSION['language'])
|| !method_exists($_SESSION['language'], 'set_language')
)
{
{
- load_languages(); // sets also default $_SESSION['language']
+ $l = array_search_value($dflt_lang, $installed_languages, 'code');
+ $_SESSION['language'] = new language($l['name'], $l['code'], $l['encoding'],
+ isset($l['rtl']) ? 'rtl' : 'ltr');
}
$_SESSION['language']->set_language($_SESSION['language']->code);
// include $Hooks object if locale file exists
}
$_SESSION['language']->set_language($_SESSION['language']->code);
// include $Hooks object if locale file exists
-if
(@include_once($path_to_root . "/lang/".$_SESSION['language']->code."/locale.inc"))
+if
(file_exists($path_to_root . "/lang/".$_SESSION['language']->code."/locale.inc"))
{
{
+ include_once($path_to_root . "/lang/".$_SESSION['language']->code."/locale.inc");
$Hooks = new Hooks();
}
include_once($path_to_root . "/includes/access_levels.inc");
$Hooks = new Hooks();
}
include_once($path_to_root . "/includes/access_levels.inc");
-include_once($path_to_root . "/
config
.php");
+include_once($path_to_root . "/
version
.php");
include_once($path_to_root . "/includes/main.inc");
// Ajax communication object
include_once($path_to_root . "/includes/main.inc");
// Ajax communication object
-$Ajax =
&
new Ajax();
+$Ajax = new Ajax();
// js/php validation rules container
$Validate = array();
// js/php validation rules container
$Validate = array();
@@
-192,8
+214,6
@@
$Editors = array();
// page help. Currently help for function keys.
$Pagehelp = array();
// page help. Currently help for function keys.
$Pagehelp = array();
-$SysPrefs = new sys_prefs();
-
$Refs = new references();
// intercept all output to destroy it in case of ajax call
$Refs = new references();
// intercept all output to destroy it in case of ajax call
@@
-206,8
+226,6
@@
set_error_handler('error_handler' /*, errtypes */);
if (!isset($_SESSION["wa_current_user"]))
$_SESSION["wa_current_user"] = new current_user();
if (!isset($_SESSION["wa_current_user"]))
$_SESSION["wa_current_user"] = new current_user();
-set_global_connection();
-
// logout.php is the only page we should have always
// accessable regardless of access level and current login status.
if (strstr($_SERVER['PHP_SELF'], 'logout.php') == false){
// logout.php is the only page we should have always
// accessable regardless of access level and current login status.
if (strstr($_SERVER['PHP_SELF'], 'logout.php') == false){
@@
-219,19
+237,19
@@
if (strstr($_SERVER['PHP_SELF'], 'logout.php') == false){
// Show login screen
if (!isset($_POST["user_name_entry_field"]) or $_POST["user_name_entry_field"] == "")
{
// Show login screen
if (!isset($_POST["user_name_entry_field"]) or $_POST["user_name_entry_field"] == "")
{
- $_SESSION['timeout'] = array( 'uri'=> $_SERVER['REQUEST_URI'],
+ // strip ajax marker from uri, to force synchronous page reload
+ $_SESSION['timeout'] = array( 'uri'=>preg_replace('/JsHttpRequest=(?:(\d+)-)?([^&]+)/s',
+ '', @$_SERVER['REQUEST_URI']),
'post' => $_POST);
'post' => $_POST);
- if (!in_ajax()) {
- include($path_to_root . "/access/login.php");
- } else {
- // ajax update of current page elements - open login window in popup
- // to not interfere with ajaxified page.
- $Ajax->popup($path_to_root . "/access/timeout.php");
- }
+ include($path_to_root . "/access/login.php");
+ if (in_ajax())
+ $Ajax->activate('_page_body');
exit;
} else {
exit;
} else {
- $succeed = $_SESSION["wa_current_user"]->login($_POST["company_login_name"],
+
+ $succeed = isset($db_connections[$_POST["company_login_name"]]) &&
+ $_SESSION["wa_current_user"]->login($_POST["company_login_name"],
$_POST["user_name_entry_field"], md5($_POST["password"]));
// select full vs fallback ui mode on login
$_SESSION["wa_current_user"]->ui_mode = $_POST['ui_mode'];
$_POST["user_name_entry_field"], md5($_POST["password"]));
// select full vs fallback ui mode on login
$_SESSION["wa_current_user"]->ui_mode = $_POST['ui_mode'];
@@
-243,15
+261,20
@@
if (strstr($_SERVER['PHP_SELF'], 'logout.php') == false){
$lang = &$_SESSION['language'];
$lang->set_language($_SESSION['language']->code);
}
$lang = &$_SESSION['language'];
$lang->set_language($_SESSION['language']->code);
}
- }
+ } else
+ set_global_connection();
- include_once($path_to_root . '/company/'.user_company().'/installed_extensions.php');
+ if (!$_SESSION["wa_current_user"]->old_db)
+ include_once($path_to_root . '/company/'.user_company().'/installed_extensions.php');
if (!isset($_SESSION["App"])) {
$_SESSION["App"] = new front_accounting();
$_SESSION["App"]->init();
}
}
if (!isset($_SESSION["App"])) {
$_SESSION["App"] = new front_accounting();
$_SESSION["App"]->init();
}
}
+
+$SysPrefs = &$_SESSION['SysPrefs'];
+
// POST vars cleanup needed for direct reuse.
// We quote all values later with db_escape() before db update.
$_POST = strip_quotes($_POST);
// POST vars cleanup needed for direct reuse.
// We quote all values later with db_escape() before db update.
$_POST = strip_quotes($_POST);