+// logout.php is the only page we should have always
+// accessable regardless of access level and current login status.
+if (strstr($_SERVER['PHP_SELF'], 'logout.php') == false){
+
+ login_timeout();
+
+ if (!$_SESSION["wa_current_user"]->logged_in())
+ {
+ // Show login screen
+ if (!isset($_POST["user_name_entry_field"]) or $_POST["user_name_entry_field"] == "")
+ {
+ $_SESSION['timeout'] = array( 'uri'=> $_SERVER['REQUEST_URI'],
+ 'post' => $_POST);
+
+ if (!in_ajax()) {
+ include($path_to_root . "/access/login.php");
+ } else {
+ // ajax update of current page elements - open login window in popup
+ // to not interfere with ajaxified page.
+ $Ajax->popup($path_to_root . "/access/timeout.php");
+ }
+ exit;
+ } else {
+ $succeed = $_SESSION["wa_current_user"]->login($_POST["company_login_name"],
+ $_POST["user_name_entry_field"], md5($_POST["password"]));
+ // select full vs fallback ui mode on login
+ $_SESSION["wa_current_user"]->ui_mode = $_POST['ui_mode'];
+ if (!$succeed)
+ {
+ // Incorrect password
+ login_fail();
+ }
+ $lang = &$_SESSION['language'];
+ $lang->set_language($_SESSION['language']->code);
+ }
+ }
+
+ include_once($path_to_root . '/company/'.user_company().'/installed_extensions.php');
+
+ if (!isset($_SESSION["App"])) {
+ $_SESSION["App"] = new front_accounting();
+ $_SESSION["App"]->init();
+ }
+}
+// POST vars cleanup needed for direct reuse.
+// We quote all values later with db_escape() before db update.
+ $_POST = strip_quotes($_POST);
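Review bot: The logout exemption on the first code line tests `strstr($_SERVER['PHP_SELF'], 'logout.php') == false`, and `PHP_SELF` includes any trailing path info supplied by the client, so the substring can match on a request for a different script and the whole login/timeout block is then skipped. Compare the executing script's name exactly instead, e.g. `if (basename($_SERVER['SCRIPT_NAME']) !== 'logout.php') {`. Separately, `md5($_POST["password"])` hands an unsalted fast hash to `login()`; the body of `login()` is outside this hunk, but moving credential storage and checking to `password_hash()`/`password_verify()` is the change to plan for. `$_POST['ui_mode']` is also written to the session user before `$succeed` is checked and without validation against the allowed modes, so it should be assigned only after a successful login and only from a fixed set of values.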