window.location.href='$path';";
}
exit;
}
// Permission helpers
function canView($page = null) {
if (isAdmin()) return true;
if ($page) {
return $_SESSION['permissions'][$page]['view'] ?? false;
}
return $_SESSION['can_view'] ?? false;
}
function canAdd($page = null) {
if (isAdmin()) return true;
if ($page) {
return $_SESSION['permissions'][$page]['add'] ?? false;
}
return $_SESSION['can_add'] ?? false;
}
function canEdit($page = null) {
if (isAdmin()) return true;
if ($page) {
return $_SESSION['permissions'][$page]['edit'] ?? false;
}
return $_SESSION['can_edit'] ?? false;
}
function canDelete($page = null) {
if (isAdmin()) return true;
if ($page) {
return $_SESSION['permissions'][$page]['delete'] ?? false;
}
return $_SESSION['can_delete'] ?? false;
}
function canViewInternal() {
return canView('internal');
}
// Now load centralized settings (which may use the helpers above)
require_once __DIR__ . '/settings.php';
// Fetch user info (theme and permissions)
$user_theme = 'light';
$current_user = null;
if (isLoggedIn()) {
$stmt = db()->prepare("SELECT * FROM users WHERE id = ?");
$stmt->execute([$_SESSION['user_id']]);
$current_user = $stmt->fetch();
if ($current_user) {
$user_theme = $current_user['theme'] ?: 'light';
$_SESSION['can_view'] = (bool)$current_user['can_view'];
$_SESSION['can_add'] = (bool)$current_user['can_add'];
$_SESSION['can_edit'] = (bool)$current_user['can_edit'];
$_SESSION['can_delete'] = (bool)$current_user['can_delete'];
$_SESSION['name'] = $current_user['full_name'] ?: $current_user['username'];
$_SESSION['user_role'] = strtolower($current_user['role']);
$_SESSION['role'] = strtolower($current_user['role']);
$_SESSION['is_super_admin'] = (int)$current_user['is_super_admin'];
// Load granular permissions
if (!isset($_SESSION['permissions']) || empty($_SESSION['permissions'])) {
$perm_stmt = db()->prepare("SELECT * FROM user_permissions WHERE user_id = ?");
$perm_stmt->execute([$_SESSION['user_id']]);
$perms = $perm_stmt->fetchAll();
$_SESSION['permissions'] = [];
foreach ($perms as $p) {
$_SESSION['permissions'][$p['page']] = [
'view' => (bool)$p['can_view'],
'add' => (bool)$p['can_add'],
'edit' => (bool)$p['can_edit'],
'delete' => (bool)$p['can_delete'],
];
}
}
} else {
// User not found in DB but session exists - clean up
session_destroy();
redirect('login.php');
}
}
// Auth Check (after fetch to ensure session is updated)
if (!isLoggedIn() && basename($_SERVER['PHP_SELF']) !== 'login.php' && basename($_SERVER['PHP_SELF']) !== 'forgot_password.php' && basename($_SERVER['PHP_SELF']) !== 'install.php') {
redirect('login.php');
}
// Determine active groups
$cp = basename($_SERVER['PHP_SELF']);
$mail_pages = ['inbound.php', 'outbound.php', 'internal_inbox.php', 'internal_outbox.php'];
$is_mail_open = in_array($cp, $mail_pages);
$acct_pages = ['accounting.php', 'trial_balance.php', 'balance_sheet.php', 'accounts.php'];
$is_acct_open = in_array($cp, $acct_pages);
$hr_pages = ['hr_dashboard.php', 'hr_employees.php', 'hr_attendance.php', 'hr_leaves.php', 'hr_holidays.php', 'hr_payroll.php', 'hr_reports.php'];
$is_hr_open = in_array($cp, $hr_pages);
$stock_pages = ['stock_dashboard.php', 'stock_items.php', 'stock_in.php', 'stock_out.php', 'stock_lending.php', 'stock_reports.php', 'stock_settings.php'];
$is_stock_open = in_array($cp, $stock_pages);
$expenses_pages = ['expenses.php', 'expense_categories.php', 'expense_reports.php'];
$is_expenses_open = in_array($cp, $expenses_pages);
$report_pages = ['overdue_report.php'];
$is_report_open = in_array($cp, $report_pages);
$admin_pages = ['index.php', 'users.php', 'charity-settings.php'];
$is_admin_open = in_array($cp, $admin_pages);
?>
<?= htmlspecialchars($sys_settings['site_name']) ?>