X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fsession.inc;h=b641fbcc66b8925cae563635fba1740df630a9ec;hb=61c780745e4743d3bf4c8ef8d23ad2f34ddc121b;hp=e8a83a6dad9f6d67d6b313e4aa40a23194336482;hpb=d23ee699ca01df5ef6daa78fd3af6605c2ab9852;p=fa-stable.git
diff --git a/includes/session.inc b/includes/session.inc
index e8a83a6d..b641fbcc 100644
--- a/includes/session.inc
+++ b/includes/session.inc
@@ -45,6 +45,37 @@ function login_fail()
die();
}
+//----------------------------------------------------------------------------------------
+
+function check_page_security($page_security)
+{
+ if (!$_SESSION["wa_current_user"]->check_user_access())
+ {
+ echo "
";
+ echo "" . _("Security settings have not been defined for your user account.");
+ echo "
" . _("Please contact your system administrator.") . "";
+
+ kill_login();
+ exit;
+ }
+
+ if (!$_SESSION["wa_current_user"]->can_access_page($page_security))
+ {
+ // no_menu parameter guess here is ugly hack, but works for now.
+ // Better solution is to use global switch for menu, set before
+ // session.inc inclusion.
+ page(_("Access denied"), strpos($_SERVER['PHP_SELF'], '/view/'));
+
+ echo "
";
+ echo _("The security settings on your account do not permit you to access this function");
+ echo "";
+ echo "
";
+ end_page();
+ //kill_login();
+ exit;
+ }
+}
+
//-----------------------------------------------------------------------------
// Removing magic quotes from nested arrays/variables
//
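Review bot: The menu flag passed to `page()` in the deny branch of check_page_security is `strpos($_SERVER['PHP_SELF'], '/view/')`, which yields `false` or an integer offset rather than a boolean, and `PHP_SELF` can carry client-supplied PATH_INFO, so a value the client shapes decides the toggle; `page(_("Access denied"), strpos($_SERVER['SCRIPT_NAME'], '/view/') !== false);` takes the server-resolved script path and produces a real boolean. The function has no docblock; I would add one stating that `$page_security` is the access-area identifier handed to `can_access_page()` and that the function does not return on either failure path (it reaches `exit` after `kill_login()` or `end_page()`). Nothing in the function guards against `$page_security` being undefined by the including page, and whether `can_access_page()` rejects a null is not visible here, so an explicit `isset()` check at the top that denies by default would keep a page that forgets to set it from failing open. The commented-out `//kill_login();` before the second `exit;` should be removed, or replaced by a comment explaining why the session is deliberately kept alive on a denied page. Neither deny branch records the refused request anywhere; even a single log line would give administrators a way to notice repeated denials.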
@@ -152,6 +183,8 @@ if (!isset($_SESSION["App"])) {
//----------------------------------------------------------------------------------------
+check_page_security($page_security);
+
// POST vars cleanup needed for direct reuse.
// We quote all values later with db_escape() before db update.
$_POST = strip_quotes($_POST);