+function output_html($text)
+{
+ global $before_box, $Ajax, $messages;
+ // Fatal errors are not send to error_handler,
+ // so we must check the output
+ if ($text && preg_match('/\bFatal error(<.*?>)?:(.*)/i', $text, $m)) {
+ $Ajax->aCommands = array(); // Don't update page via ajax on errors
+ $text = preg_replace('/\bFatal error(<.*?>)?:(.*)/i','', $text);
+ $messages[] = array(E_ERROR, $m[2], null, null);
+ }
+ $Ajax->run();
+ return in_ajax() ? fmt_errors() : ($before_box.fmt_errors().$text);
+}
+//----------------------------------------------------------------------------------------
+
+function kill_login()
+{
+ session_unset();
+ session_destroy();
+}
+//----------------------------------------------------------------------------------------
+
+function login_fail()
+{
+ global $path_to_root;
+
+ header("HTTP/1.1 401 Authorization Required");
+ echo "<center><br><br><font size='5' color='red'><b>" . _("Incorrect Password") . "<b></font><br><br>";
+ echo "<b>" . _("The user and password combination is not valid for the system.") . "<b><br><br>";
+
+ echo _("If you are not an authorized user, please contact your system administrator to obtain an account to enable you to use the system.");
+ echo "<br><a href='$path_to_root/index.php'>" . _("Try again") . "</a>";
+ echo "</center>";
+
+ kill_login();
+ die();
+}
+
+function check_faillog()
+{
+ global $login_delay, $login_faillog, $login_max_attempts;
+
+ $user = $_SESSION["wa_current_user"]->user;
+
+ if (@$login_delay && (@$login_faillog[$user][$_SERVER['REMOTE_ADDR']] >= @$login_max_attempts) && (time() < $login_faillog[$user]['last'] + $login_delay))
+ return true;
+
+ return false;
+}
+/*
+ Simple brute force attack detection is performed before connection to company database is open. Therefore access counters have to be stored in file.
+ Login attempts counter is created for every new user IP, which partialy prevent DOS attacks.
+*/
+function write_login_filelog($login, $result)
+{
+ global $login_faillog, $login_max_attempts, $path_to_root;
+
+ $user = $_SESSION["wa_current_user"]->user;