X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fsession.inc;h=04acec518543dc53ddc940be48a8f0bc6ad933d3;hb=7796f55d85412cbc2904b0577b419d9625958257;hp=c9e0becb80fc8103d2b5ed389fd7990ddf985144;hpb=50c10c8d64132ff5c269b23e62693db985dfe3f8;p=fa-stable.git diff --git a/includes/session.inc b/includes/session.inc index c9e0becb..04acec51 100644 --- a/includes/session.inc +++ b/includes/session.inc @@ -40,7 +40,7 @@ function login_fail() echo "" . _("The user and password combination is not valid for the system.") . "

"; echo _("If you are not an authorized user, please contact your system administrator to obtain an account to enable you to use the system."); - echo "
" . _("Try again") . ""; + echo "
" . _("Try again") . ""; echo ""; kill_login(); @@ -59,8 +59,7 @@ function check_page_security($page_security) . "
" . _("Please contact your system administrator.") : _("Please remove \$security_groups and \$security_headings arrays from config.php file!"); - page(_("Access denied"), false); - display_error($msg); + display_error($msg); end_page(); kill_login(); exit; @@ -68,20 +67,37 @@ function check_page_security($page_security) if (!$_SESSION["wa_current_user"]->can_access_page($page_security)) { - // no_menu parameter guess here is ugly hack, but works for now. - // Better solution is to use global switch for menu, set before - // session.inc inclusion. - page(_("Access denied"), strpos($_SERVER['PHP_SELF'], '/view/')); echo "



"; echo _("The security settings on your account do not permit you to access this function"); echo ""; echo "



"; end_page(); - //kill_login(); exit; } } +/* + Helper function for setting page security level depeding on + GET start variable and/or some value stored in session variable. + Before the call $page_security should be set to default page_security value. +*/ +function set_page_security($value=null, $trans = array(), $gtrans = array()) +{ + global $page_security; + + // first check is this is not start page call + foreach($gtrans as $key => $area) + if (isset($_GET[$key])) { + $page_security = $area; + return; + } + + // then check session value + if (isset($trans[$value])) { + $page_security = $trans[$value]; + return; + } +} //----------------------------------------------------------------------------- // Removing magic quotes from nested arrays/variables @@ -124,9 +140,9 @@ if (!isset($path_to_root)) if (isset($_GET['path_to_root']) || isset($_POST['path_to_root'])) die("Restricted access"); +include_once($path_to_root . "/includes/current_user.inc"); include_once($path_to_root . "/frontaccounting.php"); include_once($path_to_root . "/admin/db/security_db.inc"); -include_once($path_to_root . "/includes/current_user.inc"); include_once($path_to_root . "/includes/lang/language.php"); include_once($path_to_root . "/config_db.php"); include_once($path_to_root . "/includes/ajax.inc"); @@ -229,14 +245,12 @@ if (strstr($_SERVER['PHP_SELF'], 'logout.php') == false){ } } + include_once($path_to_root . '/company/'.user_company().'/installed_extensions.php'); + if (!isset($_SESSION["App"])) { $_SESSION["App"] = new front_accounting(); $_SESSION["App"]->init(); } - -//---------------------------------------------------------------------------------------- - - check_page_security($page_security); } // POST vars cleanup needed for direct reuse. // We quote all values later with db_escape() before db update.