Exemple #1
// 1) Require an authenticated, still-valid staff session before anything else.
//    Every failure path renders the login page with a reason and stops the script.
if (!$thisstaff->getId() || !$thisstaff->isValid()) {
    // Generic reason, overridden below when a more specific one applies.
    $msg = 'Authentication Required';
    if (isset($_SESSION['_staff']['auth']['msg'])) {
        // A message queued by the auth layer wins; it is consumed (removed
        // from the session) so it is displayed only once.
        $msg = $_SESSION['_staff']['auth']['msg'];
        unset($_SESSION['_staff']['auth']['msg']);
    } elseif (isset($_SESSION['_staff']['userID']) && !$thisstaff->isValid()) {
        // A staff id is still in the session but the staff object is no
        // longer valid — reported as an inactivity timeout.
        $msg = 'Session timed out due to inactivity';
    }
    staffLoginPage($msg);
    exit;
}
// 2) Non-admins are additionally gated on account/group state and on the
//    system being online. Both checks are skipped for admins, so a disabled
//    admin account is not rejected here and admins can still sign in while
//    the system is offline or an upgrade is pending.
if (!$thisstaff->isAdmin()) {
    $denyReason = null;
    if (!$thisstaff->isactive() || !$thisstaff->isGroupActive()) {
        // Disabled staff account or disabled group.
        $denyReason = 'Access Denied. Contact Admin';
    } elseif (!$ost->isSystemOnline() || $ost->isUpgradePending()) {
        // Offline mode / pending upgrade: no non-admin logins.
        $denyReason = 'System Offline';
    }
    if ($denyReason !== null) {
        staffLoginPage($denyReason);
        exit;
    }
}
// Keep the session activity alive on every request (what refreshSession()
// updates exactly is defined on the staff class, not here).
$thisstaff->refreshSession();
/******* CSRF Protection *************/
// Enforce CSRF protection for POSTS
if ($_POST && !$ost->checkCSRFToken()) {
    Http::response(400, 'Valid CSRF Token Required');