projects
/
fa-stable.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Rerun Sales_order_ui.inc (max chars 50 in Editable Stock Item list)
[fa-stable.git]
/
includes
/
session.inc
diff --git
a/includes/session.inc
b/includes/session.inc
index ad3978c27df990184058915412795db7b0a5e936..06aceccea2cf5620fe3f65cb8a8ec51092b9a935 100644
(file)
--- a/
includes/session.inc
+++ b/
includes/session.inc
@@
-9,6
+9,8
@@
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
***********************************************************************/
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
***********************************************************************/
+define('VARLIB_PATH', $path_to_root.'/tmp');
+define('VARLOG_PATH', $path_to_root.'/tmp');
class SessionManager
{
class SessionManager
{
@@
-148,12
+150,12
@@
function password_reset_fail()
{
global $path_to_root;
{
global $path_to_root;
- echo "<center><br><br><font size='5' color='red'><b>" . _("Incorrect Email") . "<b></font><br><br>";
- echo "<b>" . _("The email address does not exist in the system, or is used by more than one user.") . "<b><br><br>";
+
echo "<center><br><br><font size='5' color='red'><b>" . _("Incorrect Email") . "<b></font><br><br>";
+
echo "<b>" . _("The email address does not exist in the system, or is used by more than one user.") . "<b><br><br>";
- echo _("Plase try again or contact your system administrator to obtain new password.");
- echo "<br><a href='$path_to_root/index.php?reset=1'>" . _("Try again") . "</a>";
- echo "</center>";
+
echo _("Plase try again or contact your system administrator to obtain new password.");
+
echo "<br><a href='$path_to_root/index.php?reset=1'>" . _("Try again") . "</a>";
+
echo "</center>";
kill_login();
die();
kill_login();
die();
@@
-163,11
+165,11
@@
function password_reset_success()
{
global $path_to_root;
{
global $path_to_root;
- echo "<center><br><br><font size='5' color='green'><b>" . _("New password sent") . "<b></font><br><br>";
- echo "<b>" . _("A new password has been sent to your mailbox.") . "<b><br><br>";
+
echo "<center><br><br><font size='5' color='green'><b>" . _("New password sent") . "<b></font><br><br>";
+
echo "<b>" . _("A new password has been sent to your mailbox.") . "<b><br><br>";
- echo "<br><a href='$path_to_root/index.php'>" . _("Login here") . "</a>";
- echo "</center>";
+
echo "<br><a href='$path_to_root/index.php'>" . _("Login here") . "</a>";
+
echo "</center>";
kill_login();
die();
kill_login();
die();
@@
-184,6
+186,16
@@
function check_faillog()
return false;
}
return false;
}
+
+/*
+ Ensure file is re-read on next request if php caching is active
+*/
+function cache_invalidate($filename)
+{
+ if (function_exists('opcache_invalidate')) // OpCode extension
+ opcache_invalidate($filename);
+}
+
/*
Simple brute force attack detection is performed before connection to company database is open. Therefore access counters have to be stored in file.
Login attempts counter is created for every new user IP, which partialy prevent DOS attacks.
/*
Simple brute force attack detection is performed before connection to company database is open. Therefore access counters have to be stored in file.
Login attempts counter is created for every new user IP, which partialy prevent DOS attacks.
@@
-217,11
+229,12
@@
function write_login_filelog($login, $result)
$msg .= "*/\n";
$msg .= "\$login_faillog = " .var_export($login_faillog, true). ";\n";
$msg .= "*/\n";
$msg .= "\$login_faillog = " .var_export($login_faillog, true). ";\n";
- $filename =
$path_to_root."/tmp
/faillog.php";
+ $filename =
VARLIB_PATH."
/faillog.php";
- if ((!file_exists($filename) && is_writable(
$path_to_root.'/tmp'
)) || is_writable($filename))
+ if ((!file_exists($filename) && is_writable(
VARLIB_PATH
)) || is_writable($filename))
{
file_put_contents($filename, $msg);
{
file_put_contents($filename, $msg);
+ cache_invalidate($filename);
}
}
}
}
@@
-361,6
+374,7
@@
if (isset($_GET['path_to_root']) || isset($_POST['path_to_root']))
include_once($path_to_root . "/includes/errors.inc");
// colect all error msgs
set_error_handler('error_handler' /*, errtypes */);
include_once($path_to_root . "/includes/errors.inc");
// colect all error msgs
set_error_handler('error_handler' /*, errtypes */);
+set_exception_handler('exception_handler');
include_once($path_to_root . "/includes/current_user.inc");
include_once($path_to_root . "/frontaccounting.php");
include_once($path_to_root . "/includes/current_user.inc");
include_once($path_to_root . "/frontaccounting.php");
@@
-380,6
+394,9
@@
foreach ($installed_extensions as $ext)
if (file_exists($path_to_root.'/'.$ext['path'].'/hooks.php'))
include_once($path_to_root.'/'.$ext['path'].'/hooks.php');
}
if (file_exists($path_to_root.'/'.$ext['path'].'/hooks.php'))
include_once($path_to_root.'/'.$ext['path'].'/hooks.php');
}
+
+ini_set('session.gc_maxlifetime', 36000); // moved from below.
+
$Session_manager = new SessionManager();
$Session_manager->sessionStart('FA'.md5(dirname(__FILE__)));
$Session_manager = new SessionManager();
$Session_manager->sessionStart('FA'.md5(dirname(__FILE__)));
@@
-408,15
+425,14
@@
if ($SysPrefs->error_logfile != '') {
ini_set("log_errors", "On");
}
ini_set("log_errors", "On");
}
-
/*
Uncomment the setting below when using FA on shared hosting
to avoid unexpeced session timeouts.
Make sure this directory exists and is writable!
*/
/*
Uncomment the setting below when using FA on shared hosting
to avoid unexpeced session timeouts.
Make sure this directory exists and is writable!
*/
-// ini_set('session.save_path',
dirname(__FILE__).'/../tmp
/');
+// ini_set('session.save_path',
VARLIB_PATH.'
/');
-ini_set('session.gc_maxlifetime', 36000); // 10hrs
+// ini_set('session.gc_maxlifetime', 36000); // 10hrs - moved to before session_manager
hook_session_start(@$_POST["company_login_name"]);
hook_session_start(@$_POST["company_login_name"]);
@@
-425,8
+441,8
@@
header("Cache-control: private");
get_text_init();
get_text_init();
-if ($SysPrefs->login_delay > 0)
-
@include_once($path_to_root . "/tmp
/faillog.php");
+if ($SysPrefs->login_delay > 0
&& file_exists(VARLIB_PATH."/faillog.php")
)
+
include_once(VARLIB_PATH."
/faillog.php");
// Page Initialisation
if (!isset($_SESSION['wa_current_user']) || !$_SESSION['wa_current_user']->logged_in()
// Page Initialisation
if (!isset($_SESSION['wa_current_user']) || !$_SESSION['wa_current_user']->logged_in()
@@
-475,8
+491,8
@@
if (!defined('FA_LOGOUT_PHP_FILE')){
login_timeout();
login_timeout();
- if (!$_SESSION["wa_current_user"]->old_db)
- include
_once
($path_to_root . '/company/'.user_company().'/installed_extensions.php');
+ if (!$_SESSION["wa_current_user"]->old_db
&& file_exists($path_to_root . '/company/'.user_company().'/installed_extensions.php')
)
+ include($path_to_root . '/company/'.user_company().'/installed_extensions.php');
install_hooks();
install_hooks();