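/**
 * Gate for pages that require a logged-in staff session.
 *
 * Returns true when the request carries a usable session (or autologin
 * succeeds). In every other case the session is stopped, a redirect to the
 * login page is sent and the script exits, so callers never see a false
 * return value.
 *
 * The current account row is re-read on every call: the session is checked
 * against the stored `user`/`pass` values and the privilege fields held in
 * the session are refreshed from the database.
 *
 * @return bool Always true when the function returns at all.
 */
function hesk_isLoggedIn()
{
    global $hesk_settings;

    // Remember where the user was heading so the login page can send them back.
    // NOTE(review): hesk_input() is not shown here; it presumably HTML-escapes
    // its input, which is why '&amp;' is turned back into '&' before the value
    // is URL-encoded. Confirm against hesk_input().
    $referer = hesk_input($_SERVER['REQUEST_URI']);
    $referer = str_replace('&amp;', '&', $referer);

    // Both the user id and the session verification token must be present.
    if (empty($_SESSION['id']) || empty($_SESSION['session_verify'])) {
        if ($hesk_settings['autologin'] && hesk_autoLogin(1)) {
            // Users online
            if ($hesk_settings['online']) {
                require HESK_PATH . 'inc/users_online.inc.php';
                hesk_initOnline($_SESSION['id']);
            }

            return true;
        }

        hesk_session_stop();

        // NOTE(review): `goto` is derived from the request URI. The code that
        // consumes it after login is not shown; it should only accept local
        // paths - confirm.
        $url = 'index.php?a=login&notice=1&goto=' . urlencode($referer);
        header('Location: ' . $url);
        // Stop here: header() alone does not end the script, and nothing past
        // this point may run for an unauthenticated request.
        exit;
    }

    hesk_session_regenerate_id();

    // Let's make sure access data is up-to-date.
    // The id is forced to an integer before it is placed in the query text.
    $res = hesk_dbQuery("SELECT `user`, `pass`, `isadmin`, `categories`, `heskprivileges` FROM `" . $hesk_settings['db_pfix'] . "users` WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1");

    // Exit if user not found (e.g. the account no longer exists)
    if (hesk_dbNumRows($res) != 1) {
        hesk_session_stop();
        $url = 'index.php?a=login&notice=1&goto=' . urlencode($referer);
        header('Location: ' . $url);
        exit;
    }

    // Fetch results from database
    $me = hesk_dbFetchAssoc($res);

    // Verify this session is still valid.
    // NOTE(review): hesk_activeSessionValidate() is not shown; it is given the
    // stored `user` and `pass` values together with the session token, so it
    // presumably rejects sessions created before a credential change - confirm.
    if (!hesk_activeSessionValidate($me['user'], $me['pass'], $_SESSION['session_verify'])) {
        hesk_session_stop();
        $url = 'index.php?a=login&notice=1&goto=' . urlencode($referer);
        header('Location: ' . $url);
        exit;
    }

    // Update session variables as needed. Privileges always come from the
    // database row, never from what the session already holds. For admins only
    // the flag is set; `categories` and `heskprivileges` in the session are
    // left as they are.
    if ($me['isadmin'] == 1) {
        $_SESSION['isadmin'] = 1;
    } else {
        $_SESSION['isadmin'] = 0;
        $_SESSION['categories'] = explode(',', $me['categories']);
        $_SESSION['heskprivileges'] = $me['heskprivileges'];
    }

    // Users online
    if ($hesk_settings['online']) {
        require HESK_PATH . 'inc/users_online.inc.php';
        hesk_initOnline($_SESSION['id']);
    }

    return true;
}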
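/**
 * Gate for pages that require a logged-in staff session.
 *
 * Returns true when `$_SESSION['id']` is set (or autologin succeeds).
 * Otherwise a redirect to the login page is sent and the script exits, so
 * callers never see a false return value.
 *
 * NOTE(review): this function trusts the session once `$_SESSION['id']` is
 * set. It does not compare the session with the account's current
 * credentials, and it re-reads privileges from the database only while
 * `$_SESSION['isadmin']` is empty. A session already flagged as admin is
 * therefore never re-checked here, so removing or demoting that account does
 * not take effect in this function until the session ends.
 *
 * @return bool Always true when the function returns at all.
 */
function hesk_isLoggedIn()
{
    global $hesk_settings;

    // Remember where the user was heading so the login page can send them back.
    // NOTE(review): hesk_input() is not shown here; it presumably HTML-escapes
    // its input, which is why '&amp;' is turned back into '&' before the value
    // is URL-encoded. Confirm against hesk_input().
    $referer = hesk_input($_SERVER['REQUEST_URI']);
    $referer = str_replace('&amp;', '&', $referer);

    if (empty($_SESSION['id'])) {
        if ($hesk_settings['autologin'] && hesk_autoLogin(1)) {
            // Users online
            if ($hesk_settings['online']) {
                require HESK_PATH . 'inc/users_online.inc.php';
                hesk_initOnline($_SESSION['id']);
            }

            return true;
        }

        // Some pages cannot be redirected to: after login the user is sent to
        // the listed replacement page instead. The match is a substring test on
        // the whole request URI (query string included); if several entries
        // match, the last one wins.
        $modify_redirect = array(
            'admin_reply_ticket.php' => 'admin_main.php',
            'admin_settings_save.php' => 'admin_settings.php',
            'delete_tickets.php' => 'admin_main.php',
            'move_category.php' => 'admin_main.php',
            'priority.php' => 'admin_main.php',
        );

        foreach ($modify_redirect as $from => $to) {
            if (strpos($referer, $from) !== false) {
                $referer = $to;
            }
        }

        // NOTE(review): unlike the "user not found" branch below, this branch
        // does not call hesk_session_stop() before redirecting.
        // NOTE(review): `goto` is derived from the request URI. The code that
        // consumes it after login is not shown; it should only accept local
        // paths - confirm.
        $url = 'index.php?a=login&notice=1&goto=' . urlencode($referer);
        header('Location: ' . $url);
        // Stop here: header() alone does not end the script, and nothing past
        // this point may run for an unauthenticated request.
        exit;
    }

    hesk_session_regenerate_id();

    // Need to update permissions? Only done while the session is not flagged
    // as admin.
    if (empty($_SESSION['isadmin'])) {
        // The id is forced to an integer before it is placed in the query text.
        $res = hesk_dbQuery("SELECT `isadmin`, `categories`, `heskprivileges` FROM `" . $hesk_settings['db_pfix'] . "users` WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1");

        if (hesk_dbNumRows($res) == 1) {
            $me = hesk_dbFetchAssoc($res);

            // Copies the three selected columns into the session under their
            // column names.
            foreach ($me as $k => $v) {
                $_SESSION[$k] = $v;
            }

            // Get allowed categories
            if (empty($_SESSION['isadmin'])) {
                $_SESSION['categories'] = explode(',', $_SESSION['categories']);
            }
        } else {
            // No matching account row: drop the session and ask for login.
            hesk_session_stop();
            $url = 'index.php?a=login&notice=1&goto=' . urlencode($referer);
            header('Location: ' . $url);
            exit;
        }
    }

    // Users online
    if ($hesk_settings['online']) {
        require HESK_PATH . 'inc/users_online.inc.php';
        hesk_initOnline($_SESSION['id']);
    }

    return true;
}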