X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;ds=sidebyside;f=includes%2Fsession.inc;h=e8361df82db0c3221dd5cdef62b194190d5e0956;hb=deb258224a97804610393ef563d45b5af5c5243a;hp=d3ddf6009ed36bbe5645a12e49fe00611659b9c7;hpb=da8311619dd73feae101d246a1957b972e00cbd2;p=fa-stable.git

diff --git a/includes/session.inc b/includes/session.inc
index d3ddf600..e8361df8 100644
--- a/includes/session.inc
+++ b/includes/session.inc
@@ -16,6 +16,25 @@
 
     include_once($path_to_root . "/includes/current_user.inc");
 
+/*
+	// Make sure this directory exists and is writable!
+	$session_save_path = dirname(__FILE__).'/tmp/';
+*/
+
+	$session_save_path = session_save_path();
+	if (strpos($session_save_path, ";") !== false)
+		$session_save_path = substr($session_save_path, strpos($session_save_path, ";") + 1);
+
+	if (isset($session_save_path))
+	{
+		session_save_path($session_save_path);
+		unset($session_save_path);
+	}
+	if (!isset($path_to_root) || isset($_GET['path_to_root']) || isset($_POST['path_to_root']))
+		die("Restricted access");
+	include_once($path_to_root . "/config_db.php");
+	include_once($path_to_root . "/includes/lang/language.php");
+
     include_once($path_to_root . "/config.php");
 
     include_once($path_to_root . "/includes/main.inc");
@@ -76,7 +95,6 @@
 	}
 
 	//----------------------------------------------------------------------------------------
-
 	if (!isset($_SESSION["wa_current_user"]) ||
 		(isset($_SESSION["wa_current_user"]) && !$_SESSION["wa_current_user"]->logged_in())) 
 	{
@@ -104,8 +122,6 @@
 		}
    	}
 
-   	check_page_security($page_security);
-
     // Run with debugging messages for the system administrator(s) but not anyone else
     /*if (in_array(15, $security_groups[$_SESSION["AccessLevel"]])) {
         $debug = 1;
@@ -114,4 +130,8 @@
     }*/
 
 	//----------------------------------------------------------------------------------------
+   	check_page_security($page_security);
+
+
+
 ?>
\ No newline at end of file