Hello Mannu87,
All pages are checked in includes/session.inc to see if the user is allowed to access them ...
Code:
if (!isset($AllowAnyone)){
    if ((!in_array($PageSecurity, $_SESSION['AllowedPageSecurityTokens']) OR !isset($PageSecurity))) {
        $Title = _('Security Permissions Problem');
        include($PathPrefix . 'includes/header.inc');
        echo '<tr>
            <td class="menu_group_items">
            <table width="100%" class="table_index">
            <tr><td class="menu_group_item">';
        echo '<b><font style="size:+1; text-align:center;">' . _('The security settings on your account do not permit you to access this function') . '</font></b>';
        echo '</td>
            </tr>
            </table>
            </td>
            </tr>';
        include($PathPrefix . 'includes/footer.inc');
        exit;
    }
}
So the key point:
Code:
if ((!in_array($PageSecurity, $_SESSION['AllowedPageSecurityTokens']) OR !isset($PageSecurity))) {
If you set a variable
Then this is most likely to be in the array of $_SESSION['AllowedPageSecurityTokens'] - this array is read in at login from the user's role permissions setup. You can read a bit about the security setup in the Manual.
Alternatively there is an override $AllowAnyone - if this is set before including includes/session.inc then the security checking is turned off.
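
As an added example (not part of the original post and not webERP code), the following Python audit classifies page scripts by what they set before including includes/session.inc, so pages that switch the check off with $AllowAnyone can be listed and reviewed. The function names and the sample pages are constructed for illustration, and the comment stripping is a heuristic.

```python
import re

# "include"/"require" statement whose argument ends in session.inc
SESSION_INCLUDE = re.compile(r"\b(?:include|require)(?:_once)?\b[^;]*?session\.inc")
# Assignments only; "(?!=)" skips "==" comparisons
ALLOW_ANYONE = re.compile(r"\$AllowAnyone\s*=(?!=)")
PAGE_SECURITY = re.compile(r"\$PageSecurity\s*=(?!=)")


def strip_comments(src):
    """Heuristic: drop /* ... */ blocks and whole-line // or # comments."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"^[ \t]*(?://|#).*$", "", src, flags=re.M)


def classify(src):
    """Classify one page script by what it sets before including session.inc."""
    src = strip_comments(src)
    inc = SESSION_INCLUDE.search(src)
    if inc is None:
        return "no-session-include"   # session.inc is not included directly here
    head = src[:inc.start()]          # only code before the include matters
    if ALLOW_ANYONE.search(head):
        # The check tests isset(), so even "$AllowAnyone = false;" disables it
        return "check-disabled"
    if PAGE_SECURITY.search(head):
        return "token-checked"
    return "no-token-set"             # !isset($PageSecurity): page is refused


# Constructed sample pages, not files from the project
SAMPLES = {
    "Report.php": "<?php\n$PageSecurity = 2;\ninclude('includes/session.inc');\n",
    "Public.php": "<?php\n$AllowAnyone = true;\ninclude($PathPrefix . 'includes/session.inc');\n",
    "False.php": "<?php\n$AllowAnyone = false;\ninclude('includes/session.inc');\n",
    "Late.php": "<?php\n$PageSecurity = 5;\ninclude('includes/session.inc');\n$AllowAnyone = 1;\n",
    "Commented.php": "<?php\n// $AllowAnyone = true;\n$PageSecurity = 1;\ninclude('includes/session.inc');\n",
    "Missing.php": "<?php\ninclude('includes/session.inc');\n",
}


def audit(pages):
    """Return {filename: classification} for a mapping of filename -> source."""
    return {name: classify(src) for name, src in pages.items()}


if __name__ == "__main__":
    for name, verdict in audit(SAMPLES).items():
        print(f"{name:15} {verdict}")
```

Every file reported as check-disabled is reachable without the role check, so each one should be a page that is meant to be open to anyone.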