X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fsession.inc;h=98ed4677ccba50aab299aa3e16ae525a76ec968e;hb=ead566f5e20aec8925be69a83803d2de95c26bb8;hp=85ea33ede9322f455b6b2c29f61020609475c8a1;hpb=7cf8fadfc60a53eee553877754008b9b34d46e74;p=fa-stable.git
diff --git a/includes/session.inc b/includes/session.inc
index 85ea33ed..98ed4677 100644
--- a/includes/session.inc
+++ b/includes/session.inc
@@ -25,22 +25,22 @@ class SessionManager
session_start();
// Make sure the session hasn't expired, and destroy it if it has
- if (self::validateSession())
+ if ($this->validateSession())
{
// Check to see if the session is new or a hijacking attempt
- if(!self::preventHijacking())
+ if(!$this->preventHijacking())
{
// Reset session data and regenerate id
$_SESSION = array();
$_SESSION['IPaddress'] = $_SERVER['REMOTE_ADDR'];
$_SESSION['userAgent'] = $_SERVER['HTTP_USER_AGENT'];
- self::regenerateSession();
+ $this->regenerateSession();
// Give a 5% chance of the session id changing on any request
}
elseif (rand(1, 100) <= 5)
{
- self::regenerateSession();
+ $this->regenerateSession();
}
}
else
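Review bot: `$_SERVER['HTTP_USER_AGENT']` is stored as part of the session fingerprint without checking that the client sent the header, so a request without it raises an undefined-index notice and records null. A guarded read such as `$_SESSION['userAgent'] = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';` keeps the stored value well defined; preventHijacking() is not visible here, so its comparison should be checked to treat the empty case the same way. The comment `// Give a 5% chance of the session id changing on any request` also sits inside the hijack branch and would read better directly above the `elseif (rand(1, 100) <= 5)` line it describes. The enclosing method starts and ends outside this hunk.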
@@ -76,16 +76,16 @@ class SessionManager
$_SESSION['EXPIRES'] = time() + 10;
// Create new session without destroying the old one
- session_regenerate_id(false);
-
+ session_regenerate_id();
+
// Grab current session ID and close both sessions to allow other scripts to use them
$newSession = session_id();
session_write_close();
-
// Set session ID to the new one, and start it back up again
+
session_id($newSession);
session_start();
-
+
// Now we unset the obsolete and expiration values for the session we want to keep
unset($_SESSION['OBSOLETE']);
unset($_SESSION['EXPIRES']);
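Review bot: The blank-line shuffle leaves `// Set session ID to the new one, and start it back up again` directly under `session_write_close();` and separated by an empty line from `session_id($newSession);` and `session_start();`, the statements it documents. Keep the empty line above the comment and none below it, so the comment stays attached to the code it explains. Separately, the return value of `session_regenerate_id()` is ignored; if it returns false the id is not rotated, yet the lines below still clear `OBSOLETE` and `EXPIRES`, so a failed rotation passes silently and is worth at least logging. The function body begins outside this hunk.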
@@ -162,7 +162,7 @@ function check_page_security($page_security)
if ($msg){
display_error($msg);
- end_page();
+ end_page(@$_REQUEST['popup']);
kill_login();
exit;
}
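Review bot: `end_page(@$_REQUEST['popup'])` forwards a raw, client-controlled request value into the page footer and uses `@` to hide the undefined-index notice when the parameter is absent; the same call is added in the next hunk, on the access-denied path. end_page() is not visible here, but if it only treats the argument as a flag, `end_page(!empty($_REQUEST['popup']));` passes a plain boolean and needs no error suppression. If the value is ever echoed or used in a URL inside end_page(), it has to be escaped there for that context. Both call sites are in check_page_security(), which starts and ends outside these hunks.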
@@ -174,7 +174,7 @@ function check_page_security($page_security)
echo _("The security settings on your account do not permit you to access this function");
echo "";
echo "
";
- end_page();
+ end_page(@$_REQUEST['popup']);
exit;
}
if (!$_SESSION['SysPrefs']->db_ok
@@ -294,18 +294,11 @@ foreach ($installed_extensions as $ext)
ini_set('session.gc_maxlifetime', 36000); // 10hrs
-SessionManager::sessionStart('FA'.md5(dirname(__FILE__)));
-
-//SessionManager::sessionStart('Blog_myBlog', 0, '/myBlog/', 'www.site.com');
-//SessionManager::sessionStart('Accounts_Bank', 0, '/', 'accounts.bank.com', true);
-/*
hook_session_start(@$_POST["company_login_name"]);
-session_name('FA'.md5(dirname(__FILE__)));
+$Session_manager = new SessionManager();
+$Session_manager->sessionStart('FA'.md5(dirname(__FILE__)));
-session_start();
-session_regenerate_id(true);
-*/
// this is to fix the "back-do-you-want-to-refresh" issue - thanx PHPFreaks
header("Cache-control: private");
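Review bot: `$Session_manager->sessionStart('FA'.md5(dirname(__FILE__)))` passes only the session name, so cookie lifetime, path, domain and the trailing flag shown in the removed example calls all fall back to the method's defaults, which are not visible in this diff. If that last argument is the cookie's secure flag, an HTTPS deployment should set it explicitly rather than rely on the default, and the HttpOnly setting deserves the same check. Removing the comment markers also makes `hook_session_start(@$_POST["company_login_name"])` live again, so an unvalidated POST value reaches extension hooks before any session exists; a short comment stating what hooks may assume about that value, and an `isset()` test in place of `@`, would make the contract explicit.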
@@ -326,6 +319,7 @@ $_SESSION['language']->set_language($_SESSION['language']->code);
include_once($path_to_root . "/includes/access_levels.inc");
include_once($path_to_root . "/version.php");
include_once($path_to_root . "/includes/main.inc");
+include_once($path_to_root . "/includes/app_entries.inc");
// Ajax communication object
$Ajax = new Ajax();
@@ -405,5 +399,3 @@ $SysPrefs = &$_SESSION['SysPrefs'];
// POST vars cleanup needed for direct reuse.
// We quote all values later with db_escape() before db update.
$_POST = strip_quotes($_POST);
-
-?>
\ No newline at end of file