projects
/
fa-stable.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Updated mysql,php,debugging and extension system checks.
[fa-stable.git]
/
includes
/
session.inc
diff --git
a/includes/session.inc
b/includes/session.inc
index 04acec518543dc53ddc940be48a8f0bc6ad933d3..4a92fe238f80656ff65ee56a498aa12dfed98ada 100644
(file)
--- a/
includes/session.inc
+++ b/
includes/session.inc
@@
-51,6
+51,10
@@
function login_fail()
function check_page_security($page_security)
{
function check_page_security($page_security)
{
+ global $SysPrefs;
+
+ $msg = '';
+
if (!$_SESSION["wa_current_user"]->check_user_access())
{
// notification after upgrade from pre-2.2 version
if (!$_SESSION["wa_current_user"]->check_user_access())
{
// notification after upgrade from pre-2.2 version
@@
-58,7
+62,11
@@
function check_page_security($page_security)
_("Security settings have not been defined for your user account.")
. "<br>" . _("Please contact your system administrator.")
: _("Please remove \$security_groups and \$security_headings arrays from config.php file!");
_("Security settings have not been defined for your user account.")
. "<br>" . _("Please contact your system administrator.")
: _("Please remove \$security_groups and \$security_headings arrays from config.php file!");
-
+ } elseif (!$_SESSION['SysPrefs']->db_ok && !$_SESSION["wa_current_user"]->can_access('SA_SOFTWAREUPGRADE')) {
+ $msg = _('Access to application has been blocked until database upgrade is completed by system administrator.');
+ }
+
+ if ($msg){
display_error($msg);
end_page();
kill_login();
display_error($msg);
end_page();
kill_login();
@@
-75,6
+83,14
@@
function check_page_security($page_security)
end_page();
exit;
}
end_page();
exit;
}
+ if (!$_SESSION['SysPrefs']->db_ok
+ && !in_array($page_security, array('SA_SOFTWAREUPGRADE', 'SA_OPEN', 'SA_BACKUP')))
+ {
+ display_error(_('System is blocked after source upgrade until database is updated on System/Software Upgrade page'));
+ end_page();
+ exit;
+ }
+
}
/*
Helper function for setting page security level depeding on
}
/*
Helper function for setting page security level depeding on
@@
-147,6
+163,7
@@
include_once($path_to_root . "/includes/lang/language.php");
include_once($path_to_root . "/config_db.php");
include_once($path_to_root . "/includes/ajax.inc");
include_once($path_to_root . "/includes/ui/ui_msgs.inc");
include_once($path_to_root . "/config_db.php");
include_once($path_to_root . "/includes/ajax.inc");
include_once($path_to_root . "/includes/ui/ui_msgs.inc");
+include_once($path_to_root . "/includes/prefs/sysprefs.inc");
/*
Uncomment the setting below when using FA on shared hosting
/*
Uncomment the setting below when using FA on shared hosting
@@
-157,24
+174,28
@@
include_once($path_to_root . "/includes/ui/ui_msgs.inc");
ini_set('session.gc_maxlifetime', 36000); // 10hrs
ini_set('session.gc_maxlifetime', 36000); // 10hrs
-session_name('F
rontAccounting'
);
+session_name('F
A'.md5(dirname(__FILE__))
);
session_start();
session_start();
+
// this is to fix the "back-do-you-want-to-refresh" issue - thanx PHPFreaks
header("Cache-control: private");
get_text_init();
// Page Initialisation
// this is to fix the "back-do-you-want-to-refresh" issue - thanx PHPFreaks
header("Cache-control: private");
get_text_init();
// Page Initialisation
-if (!isset($_SESSION['language
s']
))
+if (!isset($_SESSION['language
']) || !method_exists($_SESSION['language'], 'set_language'
))
{
{
- load_languages(); // sets also default $_SESSION['language']
+ $l = array_search_value($dflt_lang, $installed_languages, 'code');
+ $_SESSION['language'] = new language($l['name'], $l['code'], $l['encoding'],
+ isset($l['rtl']) ? 'rtl' : 'ltr');
}
$_SESSION['language']->set_language($_SESSION['language']->code);
// include $Hooks object if locale file exists
}
$_SESSION['language']->set_language($_SESSION['language']->code);
// include $Hooks object if locale file exists
-if
(@include_once($path_to_root . "/lang/".$_SESSION['language']->code."/locale.inc"))
+if
(file_exists($path_to_root . "/lang/".$_SESSION['language']->code."/locale.inc"))
{
{
+ include_once($path_to_root . "/lang/".$_SESSION['language']->code."/locale.inc");
$Hooks = new Hooks();
}
$Hooks = new Hooks();
}
@@
-183,7
+204,7
@@
include_once($path_to_root . "/config.php");
include_once($path_to_root . "/includes/main.inc");
// Ajax communication object
include_once($path_to_root . "/includes/main.inc");
// Ajax communication object
-$Ajax =
&
new Ajax();
+$Ajax = new Ajax();
// js/php validation rules container
$Validate = array();
// js/php validation rules container
$Validate = array();
@@
-192,8
+213,6
@@
$Editors = array();
// page help. Currently help for function keys.
$Pagehelp = array();
// page help. Currently help for function keys.
$Pagehelp = array();
-$SysPrefs = new sys_prefs();
-
$Refs = new references();
// intercept all output to destroy it in case of ajax call
$Refs = new references();
// intercept all output to destroy it in case of ajax call
@@
-206,8
+225,6
@@
set_error_handler('error_handler' /*, errtypes */);
if (!isset($_SESSION["wa_current_user"]))
$_SESSION["wa_current_user"] = new current_user();
if (!isset($_SESSION["wa_current_user"]))
$_SESSION["wa_current_user"] = new current_user();
-set_global_connection();
-
// logout.php is the only page we should have always
// accessable regardless of access level and current login status.
if (strstr($_SERVER['PHP_SELF'], 'logout.php') == false){
// logout.php is the only page we should have always
// accessable regardless of access level and current login status.
if (strstr($_SERVER['PHP_SELF'], 'logout.php') == false){
@@
-219,19
+236,19
@@
if (strstr($_SERVER['PHP_SELF'], 'logout.php') == false){
// Show login screen
if (!isset($_POST["user_name_entry_field"]) or $_POST["user_name_entry_field"] == "")
{
// Show login screen
if (!isset($_POST["user_name_entry_field"]) or $_POST["user_name_entry_field"] == "")
{
- $_SESSION['timeout'] = array( 'uri'=> $_SERVER['REQUEST_URI'],
+ // strip ajax marker from uri, to force synchronous page reload
+ $_SESSION['timeout'] = array( 'uri'=>preg_replace('/JsHttpRequest=(?:(\d+)-)?([^&]+)/s',
+ '', @$_SERVER['REQUEST_URI']),
'post' => $_POST);
'post' => $_POST);
- if (!in_ajax()) {
- include($path_to_root . "/access/login.php");
- } else {
- // ajax update of current page elements - open login window in popup
- // to not interfere with ajaxified page.
- $Ajax->popup($path_to_root . "/access/timeout.php");
- }
+ include($path_to_root . "/access/login.php");
+ if (in_ajax())
+ $Ajax->activate('_page_body');
exit;
} else {
exit;
} else {
- $succeed = $_SESSION["wa_current_user"]->login($_POST["company_login_name"],
+
+ $succeed = isset($db_connections[$_POST["company_login_name"]]) &&
+ $_SESSION["wa_current_user"]->login($_POST["company_login_name"],
$_POST["user_name_entry_field"], md5($_POST["password"]));
// select full vs fallback ui mode on login
$_SESSION["wa_current_user"]->ui_mode = $_POST['ui_mode'];
$_POST["user_name_entry_field"], md5($_POST["password"]));
// select full vs fallback ui mode on login
$_SESSION["wa_current_user"]->ui_mode = $_POST['ui_mode'];
@@
-243,15
+260,20
@@
if (strstr($_SERVER['PHP_SELF'], 'logout.php') == false){
$lang = &$_SESSION['language'];
$lang->set_language($_SESSION['language']->code);
}
$lang = &$_SESSION['language'];
$lang->set_language($_SESSION['language']->code);
}
- }
+ } else
+ set_global_connection();
- include_once($path_to_root . '/company/'.user_company().'/installed_extensions.php');
+ if (!$_SESSION["wa_current_user"]->old_db)
+ include_once($path_to_root . '/company/'.user_company().'/installed_extensions.php');
if (!isset($_SESSION["App"])) {
$_SESSION["App"] = new front_accounting();
$_SESSION["App"]->init();
}
}
if (!isset($_SESSION["App"])) {
$_SESSION["App"] = new front_accounting();
$_SESSION["App"]->init();
}
}
+
+$SysPrefs = &$_SESSION['SysPrefs'];
+
// POST vars cleanup needed for direct reuse.
// We quote all values later with db_escape() before db update.
$_POST = strip_quotes($_POST);
// POST vars cleanup needed for direct reuse.
// We quote all values later with db_escape() before db update.
$_POST = strip_quotes($_POST);