X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fsession.inc;h=8f780caa3220a1aba764784f0310d9101110af29;hb=fbdfe3f3da62ecf86e3ad978b89efbb6c317a47a;hp=3617a91c8dc709e80b4ad74c9f89af9ae5f578a7;hpb=d497aeb2d93ed1c705007fa6ff84a4c470f7f538;p=fa-stable.git diff --git a/includes/session.inc b/includes/session.inc index 3617a91c..8f780caa 100644 --- a/includes/session.inc +++ b/includes/session.inc @@ -76,6 +76,28 @@ function check_page_security($page_security) exit; } } +/* + Helper function for setting page security level depeding on + GET start variable and/or some value stored in session variable. + Before the call $page_security should be set to default page_security value. +*/ +function set_page_security($value=null, $trans = array(), $gtrans = array()) +{ + global $page_security; + + // first check is this is not start page call + foreach($gtrans as $key => $area) + if (isset($_GET[$key])) { + $page_security = $area; + return; + } + + // then check session value + if (isset($trans[$value])) { + $page_security = $trans[$value]; + return; + } +} //----------------------------------------------------------------------------- // Removing magic quotes from nested arrays/variables @@ -143,7 +165,7 @@ header("Cache-control: private"); get_text_init(); // Page Initialisation -if (!isset($_SESSION['languages'])) +if (!isset($_SESSION['language'])) { load_languages(); // sets also default $_SESSION['language'] } @@ -184,8 +206,6 @@ set_error_handler('error_handler' /*, errtypes */); if (!isset($_SESSION["wa_current_user"])) $_SESSION["wa_current_user"] = new current_user(); -set_global_connection(); - // logout.php is the only page we should have always // accessable regardless of access level and current login status. if (strstr($_SERVER['PHP_SELF'], 'logout.php') == false){ @@ -221,24 +241,19 @@ if (strstr($_SERVER['PHP_SELF'], 'logout.php') == false){ $lang = &$_SESSION['language']; $lang->set_language($_SESSION['language']->code); } - } + } else + set_global_connection(); - include_once($path_to_root . '/company/'.user_company().'/installed_extensions.php'); + if (!$_SESSION["wa_current_user"]->old_db) + include_once($path_to_root . '/company/'.user_company().'/installed_extensions.php'); if (!isset($_SESSION["App"])) { $_SESSION["App"] = new front_accounting(); $_SESSION["App"]->init(); } +} - /* - This call is necessary only at: - . on any page with non-standard security areas - . in security roles editor - To be optmized after. - */ - add_access_extensions(); -} // POST vars cleanup needed for direct reuse. // We quote all values later with db_escape() before db update. $_POST = strip_quotes($_POST);