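} // closes a block that begins before this excerpt

// Keep the session activity alive.
$thisstaff->refreshSession();

/******* CSRF Protection *************/
// Enforce CSRF protection for every POST request. The request method is
// tested rather than the contents of $_POST: a POST whose body is empty or
// is not form-encoded (JSON, file-only uploads) leaves $_POST empty and
// would otherwise skip the check entirely. Ajax callers pass the token
// taken from the <meta> tag added below.
$isPost = isset($_SERVER['REQUEST_METHOD'])
    && $_SERVER['REQUEST_METHOD'] === 'POST';
if ($isPost && !$ost->checkCSRFToken()) {
    Http::response(400, 'Valid CSRF Token Required');
    exit;
}

// Add the token to the page header - read by ajax calls [DO NOT CHANGE THE NAME].
$ost->addExtraHeader('<meta name="csrf_token" content="' . $ost->getCSRFToken() . '" />');

/******* SET STAFF DEFAULTS **********/
// Store the staff member's timezone offset and DST preference in the session.
$_SESSION['TZ_OFFSET'] = $thisstaff->getTZoffset();
$_SESSION['TZ_DST'] = $thisstaff->observeDaylight();

// Per-staff page size; a missing/zero preference falls back to the system default.
define('PAGE_LIMIT', $thisstaff->getPageLimit() ?: DEFAULT_PAGE_LIMIT);

// Reset the variables every staff page expects to exist.
$errors = array();
$msg = $warn = $sysnotice = '';
$tabs = array();
$submenu = array();

// Pages that must stay reachable while a system upgrade is pending.
$exempt = in_array(
    basename($_SERVER['SCRIPT_NAME']),
    array('logout.php', 'ajax.php', 'logs.php', 'upgrade.php'),
    true
);

if ($ost->isUpgradePending() && !$exempt) {
    // Force the upgrade flow; nothing else on the staff panel runs until it completes.
    $errors['err'] = $sysnotice = 'System upgrade is pending <a href="upgrade.php">Upgrade Now</a>';
    require 'upgrade.php';
    exit;
} elseif ($cfg->isHelpDeskOffline()) {
    // Offline mode only affects the client side; staff are warned, not blocked.
    $sysnotice = '<strong>System is set to offline mode</strong> - Client interface is disabled and ONLY admins can access staff control panel.';
    $sysnotice .= ' <a href="settings.php">Enable</a>.';
}

$nav = new StaffNav($thisstaff);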