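// Main page controller: loads the page modules, requires a valid session,
// resolves which function/list/form was requested, serves the database dump
// when asked for, then starts the HTML page and defines the main menu.
require_once 'form.php';
require_once 'open_invoices.php';
require_once 'settings.php';
require_once 'localize.php';
require_once 'settings_list.php';
require_once 'version.php';
require_once 'sqlfuncs.php';

// Runs before any request parameter is acted on. Called without arguments it
// uses its redirect default, so a request without a valid session does not
// get past this line.
sesVerifySession();

// Request parameters are passed through sanitize() before use.
// NOTE(review): sanitize() is defined elsewhere; what it strips is not visible
// here, so treat these values as untrusted wherever they reach SQL or HTML.
$strFunc = sanitize(getRequest('func', 'open_invoices'));
$strList = sanitize(getRequest('list', ''));
$strForm = sanitize(getRequest('form', ''));

// An explicitly empty "func" falls back to the default view.
if (!$strFunc) {
    $strFunc = 'open_invoices';
}

// Strict comparison: the value selects a code path, so no type juggling.
if ($strFunc === 'logout') {
    header('Location: ' . getSelfPath() . '/logout.php');
    exit;
}

// NOTE(review): unreachable as written. $strFunc was defaulted to
// 'open_invoices' above, so !$strFunc is always false here. If a bare "form"
// request is meant to map to 'invoices', this check has to run before the
// default is applied. Behaviour is left unchanged.
if (!$strFunc && $strForm) {
    $strFunc = 'invoices';
}

$title = getPageTitle($strFunc, $strList, $strForm);

// Database dump: requires both the request parameters and a backup-manager or
// admin role, and is sent before any page HTML is written.
// NOTE(review): the request parameters alone select this operation. If
// getRequest() also reads the query string, consider requiring POST plus an
// anti-CSRF token, and logging each dump.
if ($strFunc === 'system'
    && getRequest('operation', '') === 'dbdump'
    && sesAccessLevel([ROLE_BACKUPMGR, ROLE_ADMIN])
) {
    create_db_dump();
    exit;
}

// The keepalive script is only loaded when the setting is enabled.
echo htmlPageStart(
    _PAGE_TITLE_ . " - {$title}",
    getSetting('session_keepalive') ? ['js/keepalive.js'] : null
);

// Roles that see the ordinary (non-administrative) menu entries.
$normalMenuRights = [ROLE_READONLY, ROLE_USER, ROLE_BACKUPMGR];

// Main menu definition. 'levels_allowed' lists the roles attached to each
// entry; the code that consumes it is outside this excerpt.
// NOTE(review): presumably this only decides which buttons are rendered.
// Hiding a button is not an access check, so each action must still verify
// the role server-side (as the dbdump branch above does).
$astrMainButtons = [
    [
        'name' => 'invoice',
        'title' => 'locShowInvoiceNavi',
        'action' => 'open_invoices',
        'levels_allowed' => $normalMenuRights,
    ],
    [
        'name' => 'archive',
        'title' => 'locShowArchiveNavi',
        'action' => 'archived_invoices',
        'levels_allowed' => $normalMenuRights,
    ],
    [
        'name' => 'company',
        'title' => 'locShowClientNavi',
        'action' => 'companies',
        'levels_allowed' => [ROLE_USER, ROLE_BACKUPMGR],
    ],
    [
        'name' => 'reports',
        'title' => 'locShowReportNavi',
        'action' => 'reports',
        'levels_allowed' => $normalMenuRights,
    ],
    [
        // The original literal listed the 'action' key twice with the same
        // value; the duplicate is dropped.
        'name' => 'settings',
        'title' => 'locShowSettingsNavi',
        'action' => 'settings',
        'levels_allowed' => [ROLE_USER, ROLE_BACKUPMGR],
    ],
    [
        'name' => 'system',
        'title' => 'locShowSystemNavi',
        'action' => 'system',
        'levels_allowed' => [ROLE_BACKUPMGR, ROLE_ADMIN],
    ],
    [
        // null: no role list is attached to the logout entry.
        'name' => 'logout',
        'title' => 'locLogout',
        'action' => 'logout',
        'levels_allowed' => null,
    ],
];
?>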
// Login page fragment. It starts inside a switch whose opening lies outside
// the visible text; the visible cases select the database-upgrade status
// message.
    $upgradeMessage = $GLOBALS['locDatabaseUpgraded'];
    break;
case 'FAILED':
    $upgradeFailed = true;
    $upgradeMessage = $GLOBALS['locDatabaseUpgradeFailed'];
    break;
}

// Default banner; replaced below when a login attempt fails.
$strMessage = $GLOBALS['locWelcomeMessage'];

if ($strLogon) {
    if ($strLogin && $strPasswd) {
        // sesCreateSession() reports the outcome as a string; only 'OK',
        // 'FAIL' and 'TIMEOUT' are handled, any other value leaves the
        // welcome message in place.
        // NOTE(review): whether sesCreateSession() issues a fresh session id
        // on success is not visible here. Confirm that it does, since keeping
        // the pre-login id across authentication allows session fixation.
        switch (sesCreateSession($strLogin, $strPasswd)) {
        case 'OK':
            // The redirect target is read from the session, never directly
            // from the request: the client can only ask (backlink=1) for the
            // stored value to be used.
            // NOTE(review): this is only as safe as every writer of
            // $_SESSION['BACKLINK']. Confirm each one stores a same-site
            // path, otherwise this becomes an open redirect.
            if ($backlink == '1' && isset($_SESSION['BACKLINK'])) {
                header('Location: ' . $_SESSION['BACKLINK']);
            } else {
                header('Location: ' . getSelfPath() . '/index.php');
            }
            // Stop here so nothing of the login page is sent after the redirect.
            exit;
        case 'FAIL':
            $strMessage = $GLOBALS['locInvalidCredentials'];
            break;
        case 'TIMEOUT':
            $strMessage = $GLOBALS['locLoginTimeout'];
            break;
        }
    } else {
        // The form was submitted without a login or without a password.
        $strMessage = $GLOBALS['locMissingFields'];
    }
}

// A key is created for every rendering of the login page, and the page loads
// a browser-side MD5 library.
// NOTE(review): presumably the key is a one-time challenge that the browser
// hashes together with the password; the form markup is outside this excerpt.
// Such a scheme does not replace TLS: MD5 is not a password-hashing function,
// and a hash accepted by the server is itself a usable credential. Confirm
// the login page is only served over HTTPS.
$key = sesCreateKey();
echo htmlPageStart(_PAGE_TITLE_, ['jquery/js/jquery.md5.js']);
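/**
 * Check that the current request belongs to an established session.
 *
 * The session is accepted when $_SESSION['REMOTE_ADDR'] is set and identical
 * to the client address of this request; the last-access timestamp is then
 * refreshed. In every other case the function does not return: it sends
 * either a redirect to the login page or a 403 status, and exits.
 *
 * Review notes:
 * - REMOTE_ADDR is the only session key tested here. Address binding is a
 *   supplementary check: clients behind the same NAT or proxy share an
 *   address. Presumably the key is written only by a successful login;
 *   confirm against the session-creation code.
 * - ACCESSTIME is written but not compared against any limit in this
 *   function. Confirm that idle expiry is enforced elsewhere.
 *
 * @param bool $redirect true to redirect unauthenticated requests to the
 *                       login page, false to answer 403 Forbidden instead
 *
 * @return bool true when the session is valid (the only value ever returned)
 */
function sesVerifySession($redirect = TRUE)
{
    if (!session_id()) {
        session_start();
    }

    // Both values must exist and be identical. The strict comparison keeps
    // PHP's loose-comparison rules (e.g. true == 'any non-empty string') out
    // of an authentication decision, and the two-argument isset() avoids a
    // notice when the server provides no REMOTE_ADDR.
    if (isset($_SESSION['REMOTE_ADDR'], $_SERVER['REMOTE_ADDR'])
        && $_SESSION['REMOTE_ADDR'] === $_SERVER['REMOTE_ADDR']
    ) {
        $_SESSION['ACCESSTIME'] = time();
        return true;
    }

    if ($redirect) {
        $isIndexPage = substr($_SERVER['SCRIPT_FILENAME'], -9, 9) === 'index.php';
        // empty() also covers a missing QUERY_STRING entry without a notice.
        $hasQuery = !empty($_SERVER['QUERY_STRING']);

        if ($isIndexPage && $hasQuery && getRequest('func', '') != 'logout') {
            // Remember where the user was heading so the login page can send
            // them back. The query string is client-supplied; it is stored
            // behind this application's own index.php path, so the later
            // redirect stays on this site.
            // NOTE(review): that holds only if getSelfPath() is not built
            // from client-controlled request headers. Confirm.
            $_SESSION['BACKLINK'] = getSelfPath() . '/index.php?' . $_SERVER['QUERY_STRING'];
            header('Location: ' . getSelfPath() . '/login.php?backlink=1');
        } else {
            header('Location: ' . getSelfPath() . '/login.php');
        }
    } else {
        // Callers that pass false get a plain refusal instead of a redirect.
        header('HTTP/1.1 403 Forbidden');
    }

    // Never fall through to the protected page after a failed check.
    exit;
}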