Redirect("Default.php?timeout"); exit; } else { $_SESSION['tLastOperation'] = time(); } } // If this user needs to change password, send to that page if ($_SESSION['bNeedPasswordChange'] && !isset($bNoPasswordRedirect)) { Redirect("UserPasswordChange.php?PersonID=" . $_SESSION['iUserID']); exit; } // Check if https is required, if so, make sure we're using https. // Redirect back to login page using https if required. // This prevents someone from accessing via http by typing in the URL if ($bHTTPSOnly) { if (!isAffirmative($_SERVER['HTTPS'])) { $_SESSION['bSecureServer'] = TRUE; Redirect('Default.php'); exit; } } // Make sure visitor got here using a valid URL. // If not, try to redirect to correct page, else "Menu.php" // This check will only be performed if $_SERVER['PHP_SELF'] is set if (isset($_SERVER['PHP_SELF'])) { $sPathExtension = substr($_SERVER['PHP_SELF'], strlen($sRootPath)); $sFullPath = str_replace('\\', '/', $sDocumentRoot . $sPathExtension); if (!(file_exists($sFullPath) && is_readable($sFullPath))) { $sNewPath = substr($sFullPath, 0, strpos($sFullPath, '.php') + 4); if (file_exists($sNewPath) && is_readable($sNewPath)) { $sPage = substr($sNewPath, strrpos($sNewPath, '/') + 1);
******************************************************************************/ // Show disable message if register_globals are turned on. if (ini_get('register_globals')) { echo "<h3>ChurchInfo will not operate with PHP's register_globals option turned on.<br>"; echo 'This is for your own protection as the use of this setting could entirely undermine <br>'; echo 'all security. You need to either turn off register_globals in your php.ini or else<br>'; echo 'configure your web server to turn off register_globals for the ChurchInfo directory.</h3>'; exit; } // Include the function library require 'Include/Config.php'; $bSuppressSessionTests = true; require 'Include/Functions.php'; // Initialize the variables $sErrorText = ''; $_SESSION['bSecureServer'] = isAffirmative($_SERVER['HTTPS']); // Check if https is required, if so, check if we're using https. // Redirect back this page using https if https is required. // This prevents someone from accessing via http by typing in the URL if ($bHTTPSOnly) { if (!$_SESSION['bSecureServer']) { $_SESSION['bSecureServer'] = TRUE; Redirect('Default.php'); exit; } } // Is the user requesting to logoff or timed out? if (isset($_GET["Logoff"]) || isset($_GET['timeout'])) { if ($_SESSION['sshowPledges'] == '') { $_SESSION['sshowPledges'] = 0; }