session_start();
// Make sure the session hasn't expired, and destroy it if it has
- if (self::validateSession())
+ if ($this->validateSession())
{
// Check to see if the session is new or a hijacking attempt
- if(!self::preventHijacking())
+ if(!$this->preventHijacking())
{
// Reset session data and regenerate id
$_SESSION = array();
$_SESSION['IPaddress'] = $_SERVER['REMOTE_ADDR'];
$_SESSION['userAgent'] = $_SERVER['HTTP_USER_AGENT'];
- self::regenerateSession();
+ $this->regenerateSession();
// Give a 5% chance of the session id changing on any request
}
elseif (rand(1, 100) <= 5)
{
- self::regenerateSession();
+ $this->regenerateSession();
}
}
else
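Review bot: The fingerprint stored in the hijack branch reads `$_SERVER['HTTP_USER_AGENT']` unguarded, and that key is absent when a client sends no User-Agent header, so the request raises a notice and the session is bound to a null value. Guard it, e.g. `$_SESSION['userAgent'] = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';`. The comment `// Give a 5% chance of the session id changing on any request` sits inside the hijack branch but describes the `elseif` below it, so it should move onto that branch. The enclosing method starts and ends outside this hunk, so how preventHijacking() compares the stored values is not visible here.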
$_SESSION['EXPIRES'] = time() + 10;
// Create new session without destroying the old one
- session_regenerate_id(false);
-
+ session_regenerate_id();
+
// Grab current session ID and close both sessions to allow other scripts to use them
$newSession = session_id();
session_write_close();
-
// Set session ID to the new one, and start it back up again
+
session_id($newSession);
session_start();
-
+
// Now we unset the obsolete and expiration values for the session we want to keep
unset($_SESSION['OBSOLETE']);
unset($_SESSION['EXPIRES']);
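Review bot: The return value of `session_regenerate_id()` is ignored, so when the call fails the following `session_id()` returns the unchanged ID and the close/restart sequence silently reopens the same session without rotating it. The fallback itself is harmless, but a missed rotation should be visible to whoever operates the site: `if (!session_regenerate_id()) { error_log('session id rotation failed'); }`. Dropping the explicit `false` does not change behaviour, since keeping the old session is the default and the comment above the call still documents it. The function begins outside this hunk.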
if ($msg){
display_error($msg);
- end_page();
+ end_page(@$_REQUEST['popup']);
kill_login();
exit;
}
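Review bot: `end_page(@$_REQUEST['popup'])` hands a request-controlled value directly to the page footer routine and uses `@` to hide the missing-key notice; the same call is added again in the access-denied branch in the next hunk. end_page() is not defined in this diff, so if it only needs an on/off flag, pass a boolean instead: `end_page(!empty($_REQUEST['popup']));`. That keeps arbitrary request strings out of the rendering code and removes the error suppression. The enclosing function starts outside the hunk.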
echo _("The security settings on your account do not permit you to access this function");
echo "</b>";
echo "<br><br><br><br></center>";
- end_page();
+ end_page(@$_REQUEST['popup']);
exit;
}
if (!$_SESSION['SysPrefs']->db_ok
ini_set('session.gc_maxlifetime', 36000); // 10hrs
-SessionManager::sessionStart('FA'.md5(dirname(__FILE__)));
-
-//SessionManager::sessionStart('Blog_myBlog', 0, '/myBlog/', 'www.site.com');
-//SessionManager::sessionStart('Accounts_Bank', 0, '/', 'accounts.bank.com', true);
-/*
hook_session_start(@$_POST["company_login_name"]);
-session_name('FA'.md5(dirname(__FILE__)));
+$Session_manager = new SessionManager();
+$Session_manager->sessionStart('FA'.md5(dirname(__FILE__)));
-session_start();
-session_regenerate_id(true);
-*/
// this is to fix the "back-do-you-want-to-refresh" issue - thanx PHPFreaks
header("Cache-control: private");
include_once($path_to_root . "/includes/access_levels.inc");
include_once($path_to_root . "/version.php");
include_once($path_to_root . "/includes/main.inc");
+include_once($path_to_root . "/includes/app_entries.inc");
// Ajax communication object
$Ajax = new Ajax();
// POST vars cleanup needed for direct reuse.
// We quote all values later with db_escape() before db update.
$_POST = strip_quotes($_POST);
-
-?>
\ No newline at end of file
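Review bot: As the hunk reads, removing the `/*` and `*/` lines turns `hook_session_start(@$_POST["company_login_name"]);` from commented-out text into live code that runs before `sessionStart()`, and nothing in the change says this is intended. The hook receives the raw POST value ahead of the `strip_quotes($_POST)` cleanup near the end of the file, so every extension implementing it has to treat that value as untrusted. Say so above the call, e.g. `// Runs before the session exists; company_login_name is unvalidated POST input`, and replace the `@` with an explicit `isset()` check. Separately, `sessionStart()` is called with only the session name, so the cookie attributes depend on defaults declared outside this diff; confirm they are appropriate for HTTPS deployments.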