Fixed warning displayed before 2.2 db upgrade.

[fa-stable.git] / includes / session.inc

diff --git a/includes/session.inc b/includes/session.inc
index f8d8c1e6253b786906c1c0a86af5ace4aa5d1054..dad1c1c94f1cca20259e8f77ac2f937a8e7a18da 100644 (file)
--- a/includes/session.inc
+++ b/includes/session.inc
@@ -61,7 +61,11 @@ function check_page_security($page_security)
 
        if (!$_SESSION["wa_current_user"]->can_access_page($page_security))
        {
-               page(_("Access denied"));
+               // no_menu parameter guess here is ugly hack, but works for now.
+               // Better solution is to use global switch for menu, set before 
+               // session.inc inclusion.
+               page(_("Access denied"), strpos($_SERVER['PHP_SELF'], '/view/'));
+
                echo "<center><br><br><br><b>";
                echo _("The security settings on your account do not permit you to access this function");
                echo "</b>";
@@ -88,6 +92,20 @@ function strip_quotes($data)
        return $data;
 }
 
+//============================================================================
+//
+//
+function login_timeout()
+{
+       if ($_SESSION["wa_current_user"]->logged) {
+               $tout = $_SESSION["wa_current_user"]->timeout;
+               if ($tout && (time() > $_SESSION["wa_current_user"]->last_act + $tout))
+               {
+                       $_SESSION["wa_current_user"]->logged = false;
+               }
+               $_SESSION["wa_current_user"]->last_act = time();
+       }
+}
 //============================================================================
 if (!isset($path_to_root))
 {
@@ -106,9 +124,13 @@ include_once($path_to_root . "/includes/ajax.inc");
 include_once($path_to_root . "/includes/ui/ui_msgs.inc");
 
 /*
+       Uncomment the setting below when using FA on shared hosting
+       to avoid unexpeced session timeouts.
        Make sure this directory exists and is writable!
-//     $session_save_path = dirname(__FILE__).'/../tmp/';
 */
+//ini_set('session.save_path', dirname(__FILE__).'/../tmp/');
+
+ini_set('session.gc_maxlifetime', 36000); // 10hrs
 
 session_name('FrontAccounting');
 session_start();
@@ -139,9 +161,13 @@ $Ajax =& new Ajax();
 
 // js/php validation rules container
 $Validate = array();
+// bindings for editors
+$Editors = array();
+// page help. Currently help for function keys.
+$Pagehelp = array();
 
 // intercept all output to destroy it in case of ajax call
-register_shutdown_function('ob_end_flush');
+register_shutdown_function('end_flush');
 ob_start('output_html',0);
 
 // colect all error msgs
@@ -149,15 +175,27 @@ set_error_handler('error_handler' /*, errtypes */);
 
 if (!isset($_SESSION["wa_current_user"]))
        $_SESSION["wa_current_user"] = new current_user();
+
 set_global_connection();
 
+login_timeout();
+
 if (!$_SESSION["wa_current_user"]->logged_in())
 {
        // Show login screen
        if (!isset($_POST["user_name_entry_field"]) or $_POST["user_name_entry_field"] == "")
        {
-               include($path_to_root . "/access/login.php");
-               $Ajax->redirect($path_to_root . "/access/login.php");
+               if (strstr($_SERVER['PHP_SELF'], 'timeout.php') == false) 
+                       $_SESSION['timeout'] = array( 'uri'=> $_SERVER['REQUEST_URI'],
+                               'post' => $_POST);
+
+               if (!in_ajax()) {
+                       include($path_to_root . "/access/login.php");
+               } else {
+                       // ajax update of current page elements - open login window in popup
+                       // to not interfere with ajaxified page.
+                       $Ajax->popup($path_to_root . "/access/timeout.php");
+               }
                exit;
        } else {
                $succeed = $_SESSION["wa_current_user"]->login($_POST["company_login_name"],