Changed so -1 as parameters to dimensions in get_transactions db routines only fetch...

[fa-stable.git] / includes / session.inc
diff --git a/includes/session.inc b/includes/session.inc

index 89d8c333a25ace6ed4b18dae83da0a6c0b4cb59f..734c17036f9d2160bf55d535380c7f01f284323f 100644 (file)
--- a/includes/session.inc
+++ b/includes/session.inc
@@ -59,8 +59,7 @@ function check_page_security($page_security)
                                 . "<br>" . _("Please contact your system administrator.")       
                         : _("Please remove \$security_groups and \$security_headings arrays from config.php file!");
  
-               page(_("Access denied"), false);
-                       display_error($msg);
+               display_error($msg);
                 end_page();
                 kill_login();
                 exit;
@@ -68,20 +67,37 @@ function check_page_security($page_security)
  
         if (!$_SESSION["wa_current_user"]->can_access_page($page_security))
         {
-               // no_menu parameter guess here is ugly hack, but works for now.
-               // Better solution is to use global switch for menu, set before 
-               // session.inc inclusion.
-               page(_("Access denied"), strpos($_SERVER['PHP_SELF'], '/view/'));
  
                 echo "<center><br><br><br><b>";
                 echo _("The security settings on your account do not permit you to access this function");
                 echo "</b>";
                 echo "<br><br><br><br></center>";
                 end_page();
-               //kill_login();
                 exit;
         }
  }
+/*
+       Helper function for setting page security level depeding on 
+       GET start variable and/or some value stored in session variable.
+       Before the call $page_security should be set to default page_security value.
+*/
+function set_page_security($value=null, $trans = array(), $gtrans = array())
+{
+       global $page_security;
+
+       // first check is this is not start page call
+       foreach($gtrans as $key => $area)
+               if (isset($_GET[$key])) {
+                       $page_security = $area;
+                       return;
+               }
+
+       // then check session value
+       if (isset($trans[$value])) {
+               $page_security = $trans[$value];
+               return;
+       }
+}
  
  //-----------------------------------------------------------------------------
  //     Removing magic quotes from nested arrays/variables
@@ -149,7 +165,7 @@ header("Cache-control: private");
  get_text_init();
  
  // Page Initialisation
-if (!isset($_SESSION['languages'])) 
+if (!isset($_SESSION['language'])) 
  {
         load_languages(); // sets also default $_SESSION['language']
  }
@@ -235,16 +251,6 @@ if (strstr($_SERVER['PHP_SELF'], 'logout.php') == false){
                 $_SESSION["App"] = new front_accounting();
                 $_SESSION["App"]->init();
         }
-
-       /*
-       This call is necessary only at:
-       . on any page with non-standard security areas
-       . in security roles editor
-       To be optmized  after.
-       */
-       add_access_extensions();
-
-       check_page_security($page_security);
  }
  // POST vars cleanup needed for direct reuse.
  // We quote all values later with db_escape() before db update.