Rerun of connect_db_mysqli.inc.
[fa-stable.git] / includes / session.inc
index e87f8bf187b75acd6c56f66c0805bfc19aa7cade..458f585209d6dad61311122b816b43766897b588 100644 (file)
@@ -11,6 +11,7 @@
 ***********************************************************************/
 define('VARLIB_PATH', $path_to_root.'/tmp');
 define('VARLOG_PATH', $path_to_root.'/tmp');
+define('SECURE_ONLY', true); // if you really need also http (unsecure) access allowed, you can set this to NULL
 
 class SessionManager
 {
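Review bot: `SECURE_ONLY` is defined unconditionally inside a core include, so a site served over plain HTTP has to edit session.inc itself to get a session cookie the browser will send back, and the comment says to set it to NULL although the value is a boolean. A guarded define would let config.php override it, `if (!defined('SECURE_ONLY')) define('SECURE_ONLY', true);`, with the comment reworded to `// send the session cookie with the Secure attribute (HTTPS only); override with false in config.php only for HTTP-only installs`. Whether the fifth sessionStart argument maps directly to the cookie's secure flag is not visible in this hunk.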
@@ -179,6 +180,7 @@ function check_faillog()
 
        $user = $_SESSION["wa_current_user"]->user;
 
+       $_SESSION["wa_current_user"]->login_attempt++;
        if (@$SysPrefs->login_delay && (@$login_faillog[$user][$_SERVER['REMOTE_ADDR']] >= @$SysPrefs->login_max_attempts) && (time() < $login_faillog[$user]['last'] + $SysPrefs->login_delay))
                return true;
 
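Review bot: The new `login_attempt` increment runs on every call of check_faillog before the delay check, and nothing in the hunk shows where the counter is initialised or reset, so on a fresh user object it relies on PHP's null++ yielding 1 (check_faillog starts outside the hunk). It also runs alongside the per-user/IP `$login_faillog` counter on the next line without any note on how the two relate; a one-line comment such as `// per-session attempt counter; independent of the per-user/IP faillog persisted in VARLIB_PATH/faillog.php` would help the next reader. If the counter is meant to be cleared on successful login, that reset should be confirmed elsewhere in the file.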
@@ -396,7 +398,7 @@ foreach ($installed_extensions as $ext)
 ini_set('session.gc_maxlifetime', 36000); // moved from below.
 
 $Session_manager = new SessionManager();
-$Session_manager->sessionStart('FA'.md5(dirname(__FILE__)));
+$Session_manager->sessionStart('FA'.md5(dirname(__FILE__)), 0, '/', null, SECURE_ONLY);
 
 $_SESSION['SysPrefs'] = new sys_prefs();
 
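Review bot: The added arguments `0, '/', null, SECURE_ONLY` are opaque positional literals; from their shape they look like cookie lifetime, path, domain and secure flag, but sessionStart's signature is not in this hunk, so a comment naming them is warranted, e.g. `// lifetime 0 (browser session), path '/', no domain restriction, Secure attribute per SECURE_ONLY`. A cookie path of `'/'` also scopes the session cookie to the whole host, which widens exposure on a shared host where FA lives in a subdirectory; if the previous default was the script's own path, that is a behaviour change worth stating in the commit message.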
@@ -412,9 +414,11 @@ if ((!isset($SysPrefs->login_max_attempts)) || ($SysPrefs->login_max_attempts <
     $SysPrefs->login_max_attempts = 3; 
 
 if ($SysPrefs->go_debug > 0)
-       error_reporting(-1);
+       $cur_error_level = -1;
 else
-       error_reporting(E_USER_WARNING|E_USER_ERROR|E_USER_NOTICE);
+       $cur_error_level = E_USER_WARNING|E_USER_ERROR|E_USER_NOTICE;
+
+error_reporting($cur_error_level);
 ini_set("display_errors", "On");
 
 if ($SysPrefs->error_logfile != '') {
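Review bot: `$cur_error_level` becomes a new global of session.inc with no comment explaining why the level is now kept in a variable rather than passed straight to error_reporting(); presumably something later reads it to restore the level, but that use is outside this hunk. The if/else assignment reads better as a single expression, `$cur_error_level = $SysPrefs->go_debug > 0 ? -1 : E_USER_WARNING|E_USER_ERROR|E_USER_NOTICE;`, preceded by a comment such as `// remembered so later code can restore the level after temporarily changing it`.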
@@ -443,16 +447,18 @@ if ($SysPrefs->login_delay > 0 && file_exists(VARLIB_PATH."/faillog.php"))
        include_once(VARLIB_PATH."/faillog.php");
 
 // Page Initialisation
-if (!isset($_SESSION['wa_current_user']) || !$_SESSION['wa_current_user']->logged_in()
-       || !isset($_SESSION['language']) || !method_exists($_SESSION['language'], 'set_language'))
+if (isset($dflt_lang) && isset($installed_languages))
 {
-       $l = array_search_value($dflt_lang, $installed_languages,  'code');
-       $_SESSION['language'] = new language($l['name'], $l['code'], $l['encoding'],
-        (isset($l['rtl']) && $l['rtl'] === true) ? 'rtl' : 'ltr');
-}
-
-$_SESSION['language']->set_language($_SESSION['language']->code);
+       if (!isset($_SESSION['wa_current_user']) || !$_SESSION['wa_current_user']->logged_in()
+               || !isset($_SESSION['language']) || !method_exists($_SESSION['language'], 'set_language'))
+       {
+               $l = array_search_value($dflt_lang, $installed_languages,  'code');
+               $_SESSION['language'] = new language($l['name'], $l['code'], $l['encoding'],
+               (isset($l['rtl']) && $l['rtl'] === true) ? 'rtl' : 'ltr');
+       }
 
+       $_SESSION['language']->set_language($_SESSION['language']->code);
+}
 
 include_once($path_to_root . "/includes/access_levels.inc");
 include_once($path_to_root . "/version.php");
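Review bot: Wrapping the language setup in `isset($dflt_lang) && isset($installed_languages)` means that when either global is missing the whole block is skipped silently, including the `set_language` call, and `$_SESSION['language']` may stay unset for the rest of the request. Presumably this guards the re-include case named in the commit title, but a misconfigured install now fails later with an undefined index instead of here. An explicit branch would make the skipped case visible, e.g. `elseif (!isset($_SESSION['language'])) trigger_error('language setup skipped: $dflt_lang/$installed_languages not defined', E_USER_WARNING);`. The moved code also still does not check that `array_search_value` found `$dflt_lang` before indexing `$l`.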
@@ -530,7 +536,6 @@ if (!defined('FA_LOGOUT_PHP_FILE')){
                        $_SESSION['timeout'] = array( 'uri'=>preg_replace('/JsHttpRequest=(?:(\d+)-)?([^&]+)/s',
                                        '', html_specials_encode($_SERVER['REQUEST_URI'])),
                                'post' => $_POST);
-
                if (in_ajax())
                        $Ajax->popup($path_to_root ."/access/timeout.php");
                else