X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fsession.inc;h=f449407d9af302f698a555bb4d4810c8c86dec6d;hb=510d6e1925c4d1621ae3efd85e117cc9bb4320f0;hp=3617a91c8dc709e80b4ad74c9f89af9ae5f578a7;hpb=d497aeb2d93ed1c705007fa6ff84a4c470f7f538;p=fa-stable.git diff --git a/includes/session.inc b/includes/session.inc index 3617a91c..f449407d 100644 --- a/includes/session.inc +++ b/includes/session.inc @@ -76,6 +76,28 @@ function check_page_security($page_security) exit; } } +/* + Helper function for setting page security level depeding on + GET start variable and/or some value stored in session variable. + Before the call $page_security should be set to default page_security value. +*/ +function set_page_security($value=null, $trans = array(), $gtrans = array()) +{ + global $page_security; + + // first check is this is not start page call + foreach($gtrans as $key => $area) + if (isset($_GET[$key])) { + $page_security = $area; + return; + } + + // then check session value + if (isset($trans[$value])) { + $page_security = $trans[$value]; + return; + } +} //----------------------------------------------------------------------------- // Removing magic quotes from nested arrays/variables @@ -143,7 +165,7 @@ header("Cache-control: private"); get_text_init(); // Page Initialisation -if (!isset($_SESSION['languages'])) +if (!isset($_SESSION['language'])) { load_languages(); // sets also default $_SESSION['language'] } @@ -223,21 +245,13 @@ if (strstr($_SERVER['PHP_SELF'], 'logout.php') == false){ } } - include_once($path_to_root . '/company/'.user_company().'/installed_extensions.php'); + if (!$_SESSION["wa_current_user"]->old_db) + include_once($path_to_root . '/company/'.user_company().'/installed_extensions.php'); if (!isset($_SESSION["App"])) { $_SESSION["App"] = new front_accounting(); $_SESSION["App"]->init(); } - - /* - This call is necessary only at: - . on any page with non-standard security areas - . in security roles editor - To be optmized after. - */ - add_access_extensions(); - } // POST vars cleanup needed for direct reuse. // We quote all values later with db_escape() before db update.