X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;ds=sidebyside;f=includes%2Fsession.inc;h=734c17036f9d2160bf55d535380c7f01f284323f;hb=42e7c789b5c755130859f7e487d7c3057fadfcdf;hp=89d8c333a25ace6ed4b18dae83da0a6c0b4cb59f;hpb=16f0dcc2d7cbfa736889306fa0faef1592cc64d6;p=fa-stable.git diff --git a/includes/session.inc b/includes/session.inc index 89d8c333..734c1703 100644 --- a/includes/session.inc +++ b/includes/session.inc @@ -59,8 +59,7 @@ function check_page_security($page_security) . "
" . _("Please contact your system administrator.") : _("Please remove \$security_groups and \$security_headings arrays from config.php file!"); - page(_("Access denied"), false); - display_error($msg); + display_error($msg); end_page(); kill_login(); exit; @@ -68,20 +67,37 @@ function check_page_security($page_security) if (!$_SESSION["wa_current_user"]->can_access_page($page_security)) { - // no_menu parameter guess here is ugly hack, but works for now. - // Better solution is to use global switch for menu, set before - // session.inc inclusion. - page(_("Access denied"), strpos($_SERVER['PHP_SELF'], '/view/')); echo "



"; echo _("The security settings on your account do not permit you to access this function"); echo ""; echo "



"; end_page(); - //kill_login(); exit; } } +/* + Helper function for setting page security level depeding on + GET start variable and/or some value stored in session variable. + Before the call $page_security should be set to default page_security value. +*/ +function set_page_security($value=null, $trans = array(), $gtrans = array()) +{ + global $page_security; + + // first check is this is not start page call + foreach($gtrans as $key => $area) + if (isset($_GET[$key])) { + $page_security = $area; + return; + } + + // then check session value + if (isset($trans[$value])) { + $page_security = $trans[$value]; + return; + } +} //----------------------------------------------------------------------------- // Removing magic quotes from nested arrays/variables @@ -149,7 +165,7 @@ header("Cache-control: private"); get_text_init(); // Page Initialisation -if (!isset($_SESSION['languages'])) +if (!isset($_SESSION['language'])) { load_languages(); // sets also default $_SESSION['language'] } @@ -235,16 +251,6 @@ if (strstr($_SERVER['PHP_SELF'], 'logout.php') == false){ $_SESSION["App"] = new front_accounting(); $_SESSION["App"]->init(); } - - /* - This call is necessary only at: - . on any page with non-standard security areas - . in security roles editor - To be optmized after. - */ - add_access_extensions(); - - check_page_security($page_security); } // POST vars cleanup needed for direct reuse. // We quote all values later with db_escape() before db update.