X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fsession.inc;h=dad1c1c94f1cca20259e8f77ac2f937a8e7a18da;hb=7e8c90ee7e898a9181f62f387ccb92158f47f59c;hp=f8d8c1e6253b786906c1c0a86af5ace4aa5d1054;hpb=f4737ea725de62440c8bf58a7b4d7b187268fe93;p=fa-stable.git diff --git a/includes/session.inc b/includes/session.inc index f8d8c1e6..dad1c1c9 100644 --- a/includes/session.inc +++ b/includes/session.inc @@ -61,7 +61,11 @@ function check_page_security($page_security) if (!$_SESSION["wa_current_user"]->can_access_page($page_security)) { - page(_("Access denied")); + // no_menu parameter guess here is ugly hack, but works for now. + // Better solution is to use global switch for menu, set before + // session.inc inclusion. + page(_("Access denied"), strpos($_SERVER['PHP_SELF'], '/view/')); + echo "



"; echo _("The security settings on your account do not permit you to access this function"); echo ""; @@ -88,6 +92,20 @@ function strip_quotes($data) return $data; } +//============================================================================ +// +// +function login_timeout() +{ + if ($_SESSION["wa_current_user"]->logged) { + $tout = $_SESSION["wa_current_user"]->timeout; + if ($tout && (time() > $_SESSION["wa_current_user"]->last_act + $tout)) + { + $_SESSION["wa_current_user"]->logged = false; + } + $_SESSION["wa_current_user"]->last_act = time(); + } +} //============================================================================ if (!isset($path_to_root)) { @@ -106,9 +124,13 @@ include_once($path_to_root . "/includes/ajax.inc"); include_once($path_to_root . "/includes/ui/ui_msgs.inc"); /* + Uncomment the setting below when using FA on shared hosting + to avoid unexpeced session timeouts. Make sure this directory exists and is writable! -// $session_save_path = dirname(__FILE__).'/../tmp/'; */ +//ini_set('session.save_path', dirname(__FILE__).'/../tmp/'); + +ini_set('session.gc_maxlifetime', 36000); // 10hrs session_name('FrontAccounting'); session_start(); @@ -139,9 +161,13 @@ $Ajax =& new Ajax(); // js/php validation rules container $Validate = array(); +// bindings for editors +$Editors = array(); +// page help. Currently help for function keys. +$Pagehelp = array(); // intercept all output to destroy it in case of ajax call -register_shutdown_function('ob_end_flush'); +register_shutdown_function('end_flush'); ob_start('output_html',0); // colect all error msgs @@ -149,15 +175,27 @@ set_error_handler('error_handler' /*, errtypes */); if (!isset($_SESSION["wa_current_user"])) $_SESSION["wa_current_user"] = new current_user(); + set_global_connection(); +login_timeout(); + if (!$_SESSION["wa_current_user"]->logged_in()) { // Show login screen if (!isset($_POST["user_name_entry_field"]) or $_POST["user_name_entry_field"] == "") { - include($path_to_root . "/access/login.php"); - $Ajax->redirect($path_to_root . "/access/login.php"); + if (strstr($_SERVER['PHP_SELF'], 'timeout.php') == false) + $_SESSION['timeout'] = array( 'uri'=> $_SERVER['REQUEST_URI'], + 'post' => $_POST); + + if (!in_ajax()) { + include($path_to_root . "/access/login.php"); + } else { + // ajax update of current page elements - open login window in popup + // to not interfere with ajaxified page. + $Ajax->popup($path_to_root . "/access/timeout.php"); + } exit; } else { $succeed = $_SESSION["wa_current_user"]->login($_POST["company_login_name"],