X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fcurrent_user.inc;h=5430b1104c2eb1d59b1ae31df94f364a0901bf1b;hb=05ba2d82d4230a8ea991920515cdc2377fcacfd0;hp=deeda60f2099d04948ff78324706c61d966d107b;hpb=818719f38b8327cdca616d58b13913dbd174d96a;p=fa-stable.git

diff --git a/includes/current_user.inc b/includes/current_user.inc
index deeda60f..5430b110 100644
--- a/includes/current_user.inc
+++ b/includes/current_user.inc
@@ -1,13 +1,13 @@
 <?php
 /**********************************************************************
     Copyright (C) FrontAccounting, LLC.
-	Released under the terms of the GNU Affero General Public License,
-	AGPL, as published by the Free Software Foundation, either version 
-	3 of the License, or (at your option) any later version.
+	Released under the terms of the GNU General Public License, GPL, 
+	as published by the Free Software Foundation, either version 3 
+	of the License, or (at your option) any later version.
     This program is distributed in the hope that it will be useful,
     but WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
-    See the License here <http://www.gnu.org/licenses/agpl-3.0.html>.
+    See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
 ***********************************************************************/
 include_once($path_to_root . "/includes/prefs/userprefs.inc");
 
@@ -15,14 +15,17 @@ include_once($path_to_root . "/includes/prefs/userprefs.inc");
 
 class current_user
 {
-
+	var $user;
 	var $loginname;
 	var $username;
-	var	$name;
+	var $name;
 	var $company;
 	var $pos;
 	var $access;
-
+	var $timeout;
+	var $last_act;
+	var $role_set = false;
+	
 	var $logged;
 	var $ui_mode = 0;
 	
@@ -30,10 +33,13 @@ class current_user
 
 	function current_user()
 	{
-		$this->loginname = $username = $this->name = $this->company = "";
+		global $def_coy;
+		
+		$this->loginname = $this->username = $this->name = "";
+		$this->company = isset($def_coy)? $def_coy : 0;
 		$this->logged = false;
 
-		$this->prefs = null;
+		$this->prefs = new user_prefs();
 	}
 
 	function logged_in()
@@ -48,45 +54,95 @@ class current_user
 
 	function login($company, $loginname, $password)
 	{
+		global $security_areas, $security_groups, $security_headings;
+		
 		$this->set_company($company);
+	    $this->logged = false;
 
 		$Auth_Result = get_user_for_login($loginname, $password);
 
 		if (db_num_rows($Auth_Result) > 0)
 		{
-            $myrow = db_fetch($Auth_Result);
-
-        	    $this->access = $myrow["full_access"];
+			$myrow = db_fetch($Auth_Result);
+			$this->old_db = isset($myrow["full_access"]);
+			if (! @$myrow["inactive"]) {
+				if ($this->old_db) { 
+					// Transition code:
+					// db was not yet upgraded after source update to v.2.2
+					// give enough access for admin user to continue upgrade
+					if (!isset($security_groups) || !isset($security_headings)) {
+						echo "<center><br><br><font size='5' color='red'><b>";
+						echo _('Before software upgrade you have to include old $security_groups and $security_headings arrays from old config.php file to the new one.');
+						echo "</b></font><br><br></center>";
+						exit;
+					}
+	        	    $this->access = $myrow["full_access"];
+	        	    if (in_array(20, $security_groups[$this->access]))
+						// temporary access for admin users
+						$this->role_set[] = $security_areas['SA_SOFTWAREUPGRADE'][0];
+					else {
+						echo "<center><br><br><font size='5' color='red'><b>";
+						echo _('System is available for site admin only until full database upgrade');
+						echo "</b></font><br><br></center>";
+						exit;
+					}
+	        	} else {
+					$this->role_set = array();
+	        	    $this->access = $myrow["role_id"];
+					// store area codes available for current user role
+					$role = get_security_role($this->access);
+					if (!$role) 
+						return false;
+					foreach( $role['areas'] as $code )
+						// filter only area codes for enabled security sections
+						if (in_array($code&~0xff, $role['sections'])) 
+							$this->role_set[] = $code;
+	        	}
         	    $this->name = $myrow["real_name"];
         	    $this->pos = $myrow["pos"];
         	    $this->loginname = $loginname;
         	    $this->username = $this->loginname;
         	    $this->prefs = new user_prefs($myrow);
-
-		    update_user_visitdate($loginname);
-		    $this->logged = true;
-
-		}
-		else
-		{
-			$this->logged = false;
+        	    $this->user = @$myrow["id"];
+		    	update_user_visitdate($this->username);
+		    	$this->logged = true;
+				$this->last_act = time();
+				$this->timeout = session_timeout();
+			}
 		}
-
 		return $this->logged;
 	}
 
 	function check_user_access()
 	{
 		global $security_groups;
-		return is_array($security_groups[$this->access]);
+		if ($this->old_db) {
+			// notification after upgrade from pre-2.2 version
+			return isset($security_groups) && is_array(@$security_groups[$this->access]);
+		} else
+			return !isset($security_groups) && is_array($this->role_set);
+	}
+
+	function can_access($page_level)
+	{
+		global $security_groups, $security_areas;
+
+		if (isset($security_groups)) {
+			return $this->company == 0 &&
+				in_array(20, $security_groups[$this->access]);
+		}
+
+		if ($page_level === 'SA_OPEN') 
+			return true;
+		$code = $security_areas[$page_level][0];
+		// only first registered company has site admin privileges
+		return $code && in_array($code, $this->role_set)
+			&& ($this->company == 0 || ($code&~0xff != SS_SADMIN));
 	}
 
 	function can_access_page($page_level)
 	{
-		global $security_groups;
-		// first registered company has site admin privileges
-		return isset($page_level) && in_array($page_level, $security_groups[$this->access])
-			&& ($this->company == 0 || $page_level != 20); 
+		return $this->can_access($page_level);
 	}
 
 	function get_db_connection()
@@ -109,14 +165,15 @@ class current_user
 
 	function update_prefs($price_dec, $qty_dec, $exrate_dec, $percent_dec, 
 		$showgl, $showcodes, $date_format, $date_sep, $tho_sep, $dec_sep, 
-		$theme, $pagesize, $show_hints, $profile, $rep_popup, $query_size, $graphic_links) {
-		update_user_display_prefs($this->username, $price_dec, 
+		$theme, $pagesize, $show_hints, $profile, $rep_popup, $query_size, 
+		$graphic_links, $lang, $stickydate, $startup_tab) {
+		update_user_display_prefs($this->user, $price_dec, 
 			$qty_dec, $exrate_dec, $percent_dec, $showgl, $showcodes, 
 			$date_format, $date_sep, $tho_sep, $dec_sep, $theme, $pagesize, 
-			$show_hints, $profile, $rep_popup, $query_size, $graphic_links);
+			$show_hints, $profile, $rep_popup, $query_size, $graphic_links, $lang, $stickydate, $startup_tab);
 
 		// re-read the prefs
-		$user = get_user($this->username);
+		$user = get_user($this->user);
 		$this->prefs = new user_prefs($user);
 	}
 }
@@ -149,6 +206,20 @@ function price_format($number) {
     return number_format2($number,
 	$_SESSION["wa_current_user"]->prefs->price_dec());
 }
+
+function price_decimal_format($number, &$dec)
+{
+	$dec = user_price_dec();
+	$str = strval($number);
+	$pos = strpos($str, '.');
+	if ($pos !== false)
+	{
+		$len = strlen(substr($str, $pos + 1));
+		if ($len > $dec)
+			$dec = $len;
+	}
+	return number_format2($number, $dec);
+}
 // 2008-06-15. Added extra parameter $stock_id and reference for $dec
 //--------------------------------------------------------------------
 function qty_format($number, $stock_id=null, &$dec) {
@@ -301,34 +372,52 @@ function user_graphic_links()
 	return $_SESSION["wa_current_user"]->prefs->graphic_links();
 }
 
+function sticky_doc_date()
+{
+	return $_SESSION["wa_current_user"]->prefs->sticky_date();
+}
+
+function user_startup_tab()
+{
+	return $_SESSION["wa_current_user"]->prefs->start_up_tab();
+}
+
 function set_user_prefs($price_dec, $qty_dec, $exrate_dec, $percent_dec, $showgl, $showcodes,
 	$date_format, $date_sep, $tho_sep, $dec_sep, $theme, $pagesize, $show_hints,
-	$print_profile, $rep_popup, $query_size, $graphic_links)
+	$print_profile, $rep_popup, $query_size, $graphic_links, $lang, $stickydate, $startup_tab)
 {
 
 	$_SESSION["wa_current_user"]->update_prefs($price_dec, $qty_dec, $exrate_dec, $percent_dec, $showgl, $showcodes,
 		$date_format, $date_sep, $tho_sep, $dec_sep, $theme, $pagesize, $show_hints,
-		$print_profile, $rep_popup, $query_size, $graphic_links);
+		$print_profile, $rep_popup, $query_size, $graphic_links, $lang, $stickydate, $startup_tab);
 }
 
 function add_user_js_data() {
-	global $path_to_root, $thoseps, $decseps;
+	global $path_to_root, $thoseps, $decseps, $date_system, $dateseps;
 
 	$ts = $thoseps[user_tho_sep()];
 	$ds = $decseps[user_dec_sep()];
 
-    $js = "\n<script type=\"text/javascript\">\n"
-	  . "<!--\n"
+    $js = "\n"
 	  . "var user = {\n"
-	  . "theme: '". $path_to_root . '/themes/'. 'default' /*user_theme()*/.'/'."',\n"
+	  . "theme: '". $path_to_root . '/themes/'. user_theme().'/'."',\n"
 	  . "loadtxt: '"._('Requesting data...')."',\n"
+	  . "date: '".Today()."',\n"	// server date
+	  . "datesys: ".$date_system.",\n"
+	  . "datefmt: ".user_date_format().",\n"
+	  . "datesep: '".$dateseps[user_date_sep()]."',\n"
 	  . "ts: '$ts',\n"
 	  . "ds: '$ds',\n"
-	  . "pdec : " . user_price_dec() . "}\n--></script>";
+	  . "pdec : " . user_price_dec() . "}\n";
 
   add_js_source($js);
 }
 
 //--------------------------------------------------------------------------
 
+function session_timeout()
+{
+	$tout = @get_company_pref('login_tout'); // mask warning for db ver. 2.2
+	return $tout ? $tout : ini_get('session.gc_maxlifetime');
+}
 ?>
\ No newline at end of file