}
// Staff-side bootstrap fragment: refreshes the staff session, enforces the CSRF
// check on POSTs, publishes the token for ajax callers, sets per-staff defaults,
// then handles the "upgrade pending" and "offline" states before building the nav.
// Statement order matters: the CSRF gate runs before any page logic that follows.

//Keep the session activity alive
$thisstaff->refreshSession();
/******* CSRF Protection *************/
// Enforce CSRF protection for POSTS
// The gate only fires when $_POST is non-empty; a request that leaves $_POST empty
// (GET, or a body PHP does not parse into $_POST) is not checked here.
// NOTE(review): confirm no state-changing handler is reachable without a populated $_POST.
if ($_POST && !$ost->checkCSRFToken()) {
    // Reject with 400 and stop, so nothing below runs for a request that fails the check.
    Http::response(400, 'Valid CSRF Token Required');
    exit;
}
//Add token to the header - used on ajax calls [DO NOT CHANGE THE NAME]
// NOTE(review): the token is concatenated into the attribute without htmlspecialchars();
// that is only safe if getCSRFToken() returns attribute-safe characters - confirm.
$ost->addExtraHeader('<meta name="csrf_token" content="' . $ost->getCSRFToken() . '" />');
/******* SET STAFF DEFAULTS **********/
//Set staff's timezone offset.
$_SESSION['TZ_OFFSET'] = $thisstaff->getTZoffset();
$_SESSION['TZ_DST'] = $thisstaff->observeDaylight();
// Falls back to DEFAULT_PAGE_LIMIT when getPageLimit() is falsy (note: the getter is called twice).
define('PAGE_LIMIT', $thisstaff->getPageLimit() ? $thisstaff->getPageLimit() : DEFAULT_PAGE_LIMIT);
//Clear some vars. we use in all pages.
$errors = array();
$msg = $warn = $sysnotice = '';
$tabs = array();
$submenu = array();
// Scripts that stay reachable while an upgrade is pending; matched on the file name of
// SCRIPT_NAME only, using in_array()'s default loose comparison.
$exempt = in_array(basename($_SERVER['SCRIPT_NAME']), array('logout.php', 'ajax.php', 'logs.php', 'upgrade.php'));
if ($ost->isUpgradePending() && !$exempt) {
    // Hand the request over to upgrade.php and stop; the requested page never runs.
    // $sysnotice carries raw HTML, so it should only ever be built from fixed strings.
    $errors['err'] = $sysnotice = 'System upgrade is pending <a href="upgrade.php">Upgrade Now</a>';
    require 'upgrade.php';
    exit;
} elseif ($cfg->isHelpDeskOffline()) {
    // Only a notice is set here; these lines do not themselves restrict access.
    // NOTE(review): the admin-only restriction the message describes is presumably
    // enforced elsewhere - confirm.
    $sysnotice = '<strong>System is set to offline mode</strong> - Client interface is disabled and ONLY admins can access staff control panel.';
    $sysnotice .= ' <a href="settings.php">Enable</a>.';
}
// Build the navigation object for the current staff member.
$nav = new StaffNav($thisstaff);