- $_SESSION["wa_current_user"] = new current_user();
-
- // Show login screen
- if (!isset($_POST["user_name_entry_field"]) or $_POST["user_name_entry_field"] == "")
- {
- include($path_to_root . "/access/login.php");
- $Ajax->redirect($path_to_root . "/access/login.php");
- exit;
- }
- }
- include_once($path_to_root . "/includes/ui/ui_msgs.inc");
- // intercept all output to destroy it in case of ajax call
- register_shutdown_function('ob_end_flush');
- ob_start('output_html',0);
- // colect all error msgs
- set_error_handler('error_handler' /*, errtypes */);
-
- if (isset($_POST["user_name_entry_field"]))
- {
- $succeed = $_SESSION["wa_current_user"]->login($_POST["company_login_name"],
- $_POST["user_name_entry_field"],
- md5($_POST["password"]));
- // select full vs fallback ui mode on login
- $_SESSION["wa_current_user"]->ui_mode = $_POST['ui_mode'];
- if (!$succeed)
+$Refs = new references();
+
+// intercept all output to destroy it in case of ajax call
+register_shutdown_function('end_flush');
+ob_start('output_html',0);
+
+// colect all error msgs
+set_error_handler('error_handler' /*, errtypes */);
+
+if (!isset($_SESSION["wa_current_user"]))
+ $_SESSION["wa_current_user"] = new current_user();
+
+html_cleanup($_GET);
+html_cleanup($_POST);
+html_cleanup($_REQUEST);
+
+// logout.php is the only page we should have always
+// accessable regardless of access level and current login status.
+if (strstr($_SERVER['PHP_SELF'], 'logout.php') == false){
+
+ login_timeout();
+
+ if (!$_SESSION["wa_current_user"]->logged_in())
+ {
+ // Show login screen
+ if (!isset($_POST["user_name_entry_field"]) or $_POST["user_name_entry_field"] == "")