***********************************************************************/
define('VARLIB_PATH', $path_to_root.'/tmp');
define('VARLOG_PATH', $path_to_root.'/tmp');
+define('SECURE_ONLY', true); // if you really need also http (unsecure) access allowed, you can set this to NULL
class SessionManager
{
$user = $_SESSION["wa_current_user"]->user;
+ $_SESSION["wa_current_user"]->login_attempt++;
if (@$SysPrefs->login_delay && (@$login_faillog[$user][$_SERVER['REMOTE_ADDR']] >= @$SysPrefs->login_max_attempts) && (time() < $login_faillog[$user]['last'] + $SysPrefs->login_delay))
return true;
ini_set('session.gc_maxlifetime', 36000); // moved from below.
$Session_manager = new SessionManager();
-$Session_manager->sessionStart('FA'.md5(dirname(__FILE__)));
+$Session_manager->sessionStart('FA'.md5(dirname(__FILE__)), 0, '/', null, SECURE_ONLY);
$_SESSION['SysPrefs'] = new sys_prefs();
$SysPrefs->login_max_attempts = 3;
if ($SysPrefs->go_debug > 0)
- error_reporting(-1);
+ $cur_error_level = -1;
else
- error_reporting(E_USER_WARNING|E_USER_ERROR|E_USER_NOTICE);
+ $cur_error_level = E_USER_WARNING|E_USER_ERROR|E_USER_NOTICE;
+
+error_reporting($cur_error_level);
ini_set("display_errors", "On");
if ($SysPrefs->error_logfile != '') {
$_SESSION['timeout'] = array( 'uri'=>preg_replace('/JsHttpRequest=(?:(\d+)-)?([^&]+)/s',
'', html_specials_encode($_SERVER['REQUEST_URI'])),
'post' => $_POST);
-
if (in_ajax())
$Ajax->popup($path_to_root ."/access/timeout.php");
else