$https = isset($secure) ? $secure : (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off');
// Set session cookie options
- session_set_cookie_params($limit, $path, $domain, $https, true);
+ if (version_compare(PHP_VERSION, '5.2', '<')) // avoid failure on older php versions
+ session_set_cookie_params($limit, $path, $domain, $https);
+ else
+ session_set_cookie_params($limit, $path, $domain, $https, true);
+
session_start();
// Make sure the session hasn't expired, and destroy it if it has
$msg .= "*/\n";
$msg .= "\$login_faillog = " .var_export($login_faillog, true). ";\n";
- $filename = $path_to_root."/faillog.php";
+ $filename = $path_to_root."/tmp/faillog.php";
if ((!file_exists($filename) && is_writable($path_to_root)) || is_writable($filename))
{
get_text_init();
if ($login_delay > 0)
- @include_once($path_to_root . "/faillog.php");
+ @include_once($path_to_root . "/tmp/faillog.php");
// Page Initialisation
if (!isset($_SESSION['language']) || !method_exists($_SESSION['language'], 'set_language'))
// logout.php is the only page we should have always
// accessable regardless of access level and current login status.
-if (strstr($_SERVER['PHP_SELF'], 'logout.php') == false){
+if (!defined('FA_LOGOUT_PHP_FILE')){
login_timeout();
// Incorrect password
login_fail();
}
- elseif(!$_SESSION['timeout']['post'])
+ elseif(isset($_SESSION['timeout']) && !$_SESSION['timeout']['post'])
{
// in case of GET request redirect to avoid confirmation dialog
// after return from menu option
- header("HTTP 1.1 303 See Other");
+ header("HTTP/1.1 303 See Other");
header("Location: ".$_SESSION['timeout']['uri']);
exit();
}
// We quote all values later with db_escape() before db update.
$_POST = strip_quotes($_POST);
-?>
\ No newline at end of file
+?>
projects / fa-stable.git / blobdiff