$cookie_httponly = TRUE; // Use custom session lifetime if (is_numeric($GLOBALS['config']['web_session_lifetime']) && $GLOBALS['config']['web_session_lifetime'] >= 0) { $lifetime = intval($GLOBALS['config']['web_session_lifetime']); } @ini_set('session.gc_maxlifetime', $lifetime); // Session lifetime session_set_cookie_params($lifetime, $cookie_path, $cookie_domain, $cookie_https, $cookie_httponly); register_shutdown_function('session_write_close'); //session_write_close(); if (!session_is_active()) { session_write_close(); // Prevent session auto start session_start(); if (isset($_SESSION['starttime'])) { if ($currenttime - $_SESSION['starttime'] >= $lifetime_id && !is_graph()) { // ID Lifetime expired, regenerate session_regenerate_id(TRUE); // Clean cache from _SESSION first, this cache used in ajax calls if (isset($_SESSION['cache'])) { unset($_SESSION['cache']); } $_SESSION['starttime'] = $currenttime; } } else { $_SESSION['starttime'] = $currenttime; } //if (!is_graph()) //{ // print_vars($vars); print_vars($_SESSION); print_vars($_COOKIE); //}
function is_entity_permitted($entity_id, $entity_type, $device_id = NULL, $permissions = NULL) { if (is_null($permissions) && isset($GLOBALS['permissions'])) { // Note, pass permissions array by param used in permissions_cache() $permissions = $GLOBALS['permissions']; } //if (OBS_DEBUG) //{ // print_vars($permissions); // print_vars($_SESSION); // print_vars($GLOBALS['auth']); // print_vars(is_graph()); //} if (!is_numeric($device_id)) { $device_id = get_device_id_by_entity_id($entity_id, $entity_type); } if (isset($_SESSION['user_limited']) && !$_SESSION['user_limited']) { // User not limited (userlevel >= 5) $allowed = TRUE; } else { if (is_numeric($device_id) && device_permitted($device_id)) { $allowed = TRUE; } else { if (isset($permissions[$entity_type][$entity_id]) && $permissions[$entity_type][$entity_id]) { $allowed = TRUE; } else { if (isset($GLOBALS['auth']) && is_graph()) { $allowed = $GLOBALS['auth']; } else { $allowed = FALSE; } } } } if (OBS_DEBUG) { $debug_msg = "PERMISSIONS CHECK. Entity type: {$entity_type}, Entity ID: {$entity_id}, Device ID: " . ($device_id ? $device_id : 'NULL') . ", Allowed: " . ($allowed ? 'TRUE' : 'FALSE') . "."; if (isset($GLOBALS['notifications'])) { $GLOBALS['notifications'][] = array('text' => $debug_msg, 'severity' => 'debug'); } else { print_debug($debug_msg); } } return $allowed; }