Access level checking moved to page() function to make session start and access...
authorJanusz Dobrowolski <janusz@frontaccounting.eu>
Wed, 30 Sep 2009 22:19:13 +0000 (22:19 +0000)
committerJanusz Dobrowolski <janusz@frontaccounting.eu>
Wed, 30 Sep 2009 22:19:13 +0000 (22:19 +0000)
includes/main.inc
includes/session.inc

index f52d88c6088a5d383ffa926f80dddab4c5d75484..f01bcddcd30dc4f97a502a3942d2663a40c65b2f 100644 (file)
@@ -28,13 +28,15 @@ include_once($path_to_root . "/includes/ui/ui_controls.inc");
 function page($title, $no_menu=false, $is_index=false, $onload="", $js="", $script_only=false)
 {
 
-       global $path_to_root;
+       global $path_to_root, $page_security;
+
 
        $hide_menu = $no_menu;
 
        include($path_to_root . "/includes/page/header.inc");
 
        page_header($title, $no_menu, $is_index, $onload, $js);
+       check_page_security($page_security);
 //     error_box();
        if($script_only) {              
                echo '<noscript>';
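Review bot: With `check_page_security($page_security)` called only from inside page(), everything an entry script executes between including session.inc and calling page() now runs before the access level is checked, and a script that never calls page() is not checked at all. The last hunk of includes/session.inc removes the include-time call that used to cover those paths, so request handling placed ahead of page() may proceed for a user who lacks the page's access level. Consider keeping an explicit early check for scripts that do work before rendering, or at least stating the rule at the call, e.g. `// Access control is enforced here: callers must not act on request data before page().` It is also not visible here what check_page_security() does when the script never set `$page_security`; confirm that case is denied rather than allowed. page()'s body continues past the end of this hunk.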
index 89d8c333a25ace6ed4b18dae83da0a6c0b4cb59f..3617a91c8dc709e80b4ad74c9f89af9ae5f578a7 100644 (file)
@@ -59,8 +59,7 @@ function check_page_security($page_security)
                                . "<br>" . _("Please contact your system administrator.")       
                        : _("Please remove \$security_groups and \$security_headings arrays from config.php file!");
 
-               page(_("Access denied"), false);
-                       display_error($msg);
+               display_error($msg);
                end_page();
                kill_login();
                exit;
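Review bot: check_page_security() now reports the failure with `display_error($msg)` and `end_page()` without opening a page itself, so it depends on the caller having already run page_header(); the same applies to the can_access_page() denial branch in the next hunk. Nothing in the function states that precondition, and a direct call from anywhere other than page() would emit the message outside any page frame. A short header comment would make the contract explicit: `// Must be called after page_header() has produced output; page() is the intended caller.` The function begins above this hunk, so the comment belongs at its declaration.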
@@ -68,17 +67,12 @@ function check_page_security($page_security)
 
        if (!$_SESSION["wa_current_user"]->can_access_page($page_security))
        {
-               // no_menu parameter guess here is ugly hack, but works for now.
-               // Better solution is to use global switch for menu, set before 
-               // session.inc inclusion.
-               page(_("Access denied"), strpos($_SERVER['PHP_SELF'], '/view/'));
 
                echo "<center><br><br><br><b>";
                echo _("The security settings on your account do not permit you to access this function");
                echo "</b>";
                echo "<br><br><br><br></center>";
                end_page();
-               //kill_login();
                exit;
        }
 }
@@ -244,7 +238,6 @@ if (strstr($_SERVER['PHP_SELF'], 'logout.php') == false){
        */
        add_access_extensions();
 
-       check_page_security($page_security);
 }
 // POST vars cleanup needed for direct reuse.
 // We quote all values later with db_escape() before db update.