projects
/
fa-stable.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Optional type parameter in get_extensions_list().
[fa-stable.git]
/
includes
/
session.inc
diff --git
a/includes/session.inc
b/includes/session.inc
index ba703dee0e8432e5dbd442cfcfd78b2e66db3be8..4a6b083a8e1cae90787c14cc5aebd00a8823be73 100644
(file)
--- a/
includes/session.inc
+++ b/
includes/session.inc
@@
-51,6
+51,10
@@
function login_fail()
function check_page_security($page_security)
{
function check_page_security($page_security)
{
+ global $SysPrefs;
+
+ $msg = '';
+
if (!$_SESSION["wa_current_user"]->check_user_access())
{
// notification after upgrade from pre-2.2 version
if (!$_SESSION["wa_current_user"]->check_user_access())
{
// notification after upgrade from pre-2.2 version
@@
-58,7
+62,11
@@
function check_page_security($page_security)
_("Security settings have not been defined for your user account.")
. "<br>" . _("Please contact your system administrator.")
: _("Please remove \$security_groups and \$security_headings arrays from config.php file!");
_("Security settings have not been defined for your user account.")
. "<br>" . _("Please contact your system administrator.")
: _("Please remove \$security_groups and \$security_headings arrays from config.php file!");
-
+ } elseif (!$_SESSION['SysPrefs']->db_ok && !$_SESSION["wa_current_user"]->can_access('SA_SOFTWAREUPGRADE')) {
+ $msg = _('Access to application has been blocked until database upgrade is completed by system administrator.');
+ }
+
+ if ($msg){
display_error($msg);
end_page();
kill_login();
display_error($msg);
end_page();
kill_login();
@@
-75,6
+83,14
@@
function check_page_security($page_security)
end_page();
exit;
}
end_page();
exit;
}
+ if (!$_SESSION['SysPrefs']->db_ok
+ && !in_array($page_security, array('SA_SOFTWAREUPGRADE', 'SA_OPEN', 'SA_BACKUP')))
+ {
+ display_error(_('System is blocked after source upgrade until database is updated on System/Software Upgrade page'));
+ end_page();
+ exit;
+ }
+
}
/*
Helper function for setting page security level depeding on
}
/*
Helper function for setting page security level depeding on
@@
-147,6
+163,7
@@
include_once($path_to_root . "/includes/lang/language.php");
include_once($path_to_root . "/config_db.php");
include_once($path_to_root . "/includes/ajax.inc");
include_once($path_to_root . "/includes/ui/ui_msgs.inc");
include_once($path_to_root . "/config_db.php");
include_once($path_to_root . "/includes/ajax.inc");
include_once($path_to_root . "/includes/ui/ui_msgs.inc");
+include_once($path_to_root . "/includes/prefs/sysprefs.inc");
/*
Uncomment the setting below when using FA on shared hosting
/*
Uncomment the setting below when using FA on shared hosting
@@
-157,16
+174,17
@@
include_once($path_to_root . "/includes/ui/ui_msgs.inc");
ini_set('session.gc_maxlifetime', 36000); // 10hrs
ini_set('session.gc_maxlifetime', 36000); // 10hrs
-session_name('F
rontAccounting'
);
+session_name('F
A'.md5(dirname(__FILE__))
);
session_start();
session_start();
+
// this is to fix the "back-do-you-want-to-refresh" issue - thanx PHPFreaks
header("Cache-control: private");
// this is to fix the "back-do-you-want-to-refresh" issue - thanx PHPFreaks
header("Cache-control: private");
-
+include_once($path_to_root . "/config.php");
get_text_init();
// Page Initialisation
get_text_init();
// Page Initialisation
-if (!isset($_SESSION['language']))
+if (!isset($_SESSION['language'])
|| !method_exists($_SESSION['language'], 'set_language')
)
{
$l = array_search_value($dflt_lang, $installed_languages, 'code');
$_SESSION['language'] = new language($l['name'], $l['code'], $l['encoding'],
{
$l = array_search_value($dflt_lang, $installed_languages, 'code');
$_SESSION['language'] = new language($l['name'], $l['code'], $l['encoding'],
@@
-176,13
+194,14
@@
if (!isset($_SESSION['language']))
$_SESSION['language']->set_language($_SESSION['language']->code);
// include $Hooks object if locale file exists
$_SESSION['language']->set_language($_SESSION['language']->code);
// include $Hooks object if locale file exists
-if
(@include_once($path_to_root . "/lang/".$_SESSION['language']->code."/locale.inc"))
+if
(file_exists($path_to_root . "/lang/".$_SESSION['language']->code."/locale.inc"))
{
{
+ include_once($path_to_root . "/lang/".$_SESSION['language']->code."/locale.inc");
$Hooks = new Hooks();
}
include_once($path_to_root . "/includes/access_levels.inc");
$Hooks = new Hooks();
}
include_once($path_to_root . "/includes/access_levels.inc");
-include_once($path_to_root . "/
config
.php");
+include_once($path_to_root . "/
version
.php");
include_once($path_to_root . "/includes/main.inc");
// Ajax communication object
include_once($path_to_root . "/includes/main.inc");
// Ajax communication object
@@
-195,8
+214,6
@@
$Editors = array();
// page help. Currently help for function keys.
$Pagehelp = array();
// page help. Currently help for function keys.
$Pagehelp = array();
-$SysPrefs = new sys_prefs();
-
$Refs = new references();
// intercept all output to destroy it in case of ajax call
$Refs = new references();
// intercept all output to destroy it in case of ajax call
@@
-220,19
+237,19
@@
if (strstr($_SERVER['PHP_SELF'], 'logout.php') == false){
// Show login screen
if (!isset($_POST["user_name_entry_field"]) or $_POST["user_name_entry_field"] == "")
{
// Show login screen
if (!isset($_POST["user_name_entry_field"]) or $_POST["user_name_entry_field"] == "")
{
- $_SESSION['timeout'] = array( 'uri'=> $_SERVER['REQUEST_URI'],
+ // strip ajax marker from uri, to force synchronous page reload
+ $_SESSION['timeout'] = array( 'uri'=>preg_replace('/JsHttpRequest=(?:(\d+)-)?([^&]+)/s',
+ '', @$_SERVER['REQUEST_URI']),
'post' => $_POST);
'post' => $_POST);
- if (!in_ajax()) {
- include($path_to_root . "/access/login.php");
- } else {
- // ajax update of current page elements - open login window in popup
- // to not interfere with ajaxified page.
- $Ajax->popup($path_to_root . "/access/timeout.php");
- }
+ include($path_to_root . "/access/login.php");
+ if (in_ajax())
+ $Ajax->activate('_page_body');
exit;
} else {
exit;
} else {
- $succeed = $_SESSION["wa_current_user"]->login($_POST["company_login_name"],
+
+ $succeed = isset($db_connections[$_POST["company_login_name"]]) &&
+ $_SESSION["wa_current_user"]->login($_POST["company_login_name"],
$_POST["user_name_entry_field"], md5($_POST["password"]));
// select full vs fallback ui mode on login
$_SESSION["wa_current_user"]->ui_mode = $_POST['ui_mode'];
$_POST["user_name_entry_field"], md5($_POST["password"]));
// select full vs fallback ui mode on login
$_SESSION["wa_current_user"]->ui_mode = $_POST['ui_mode'];
@@
-256,6
+273,7
@@
if (strstr($_SERVER['PHP_SELF'], 'logout.php') == false){
}
}
}
}
+$SysPrefs = &$_SESSION['SysPrefs'];
// POST vars cleanup needed for direct reuse.
// We quote all values later with db_escape() before db update.
// POST vars cleanup needed for direct reuse.
// We quote all values later with db_escape() before db update.