// Create new session without destroying the old one
session_regenerate_id();
-
// Grab current session ID and close both sessions to allow other scripts to use them
$newSession = session_id();
session_write_close();
kill_login();
die();
}
-//----------------------------------------------------------------------------------------
-// set to reasonable values if not set in config file (pre-2.3.12 installations)
-
-if (!isset($login_delay))
-{
- $login_delay = 10;
- $login_max_attempts = 3;
-}
function check_faillog()
{
$path_to_root = ".";
}
+//----------------------------------------------------------------------------------------
+// set to reasonable values if not set in config file (pre-2.3.12 installations)
+
+if ((!isset($login_delay)) || ($login_delay < 0))
+ $login_delay = 10;
+
+if ((!isset($login_max_attempts)) || ($login_max_attempts < 0))
+ $login_max_attempts = 3;
+
+
// Prevent register_globals vulnerability
if (isset($_GET['path_to_root']) || isset($_POST['path_to_root']))
die("Restricted access");
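Review bot: The new range checks on `$login_delay` and `$login_max_attempts` run before `config.php` is loaded; in this diff the `include_once($path_to_root . "/config.php")` line sits further down, after the session is started. As far as these hunks show, a negative or non-numeric value set in the config file would therefore overwrite the defaults without being validated. Moving both checks to just after that include and normalising the type would make the guard effective, e.g. `$login_delay = (isset($login_delay) && (int)$login_delay >= 0) ? (int)$login_delay : 10;`, with the same pattern and a default of 3 for `$login_max_attempts`. A later hunk loads `faillog.php` only when `$login_delay > 0`, so 0 appears to switch failed-login throttling off, and the comment should say so, e.g. `// $login_delay = 0 disables the failed-login log`.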
include_once($path_to_root . "/admin/db/security_db.inc");
include_once($path_to_root . "/includes/lang/language.php");
include_once($path_to_root . "/config_db.php");
-@include_once($path_to_root . "/faillog.php");
include_once($path_to_root . "/includes/ajax.inc");
include_once($path_to_root . "/includes/ui/ui_msgs.inc");
include_once($path_to_root . "/includes/prefs/sysprefs.inc");
// ini_set('session.save_path', dirname(__FILE__).'/../tmp/');
ini_set('session.gc_maxlifetime', 36000); // 10hrs
+ini_set('session.cache_limiter', 'private'); // prevent 'page expired' errors
+
+hook_session_start(@$_POST["company_login_name"]);
$Session_manager = new SessionManager();
$Session_manager->sessionStart('FA'.md5(dirname(__FILE__)));
include_once($path_to_root . "/config.php");
get_text_init();
+if ($login_delay > 0)
+ @include_once($path_to_root . "/faillog.php");
+
// Page Initialisation
-if (!isset($_SESSION['language']) || !method_exists($_SESSION['language'], 'set_language'))
+if (!isset($_SESSION['wa_current_user']) || !$_SESSION['wa_current_user']->logged_in()
+ || !isset($_SESSION['language']) || !method_exists($_SESSION['language'], 'set_language'))
{
$l = array_search_value($dflt_lang, $installed_languages, 'code');
$_SESSION['language'] = new language($l['name'], $l['code'], $l['encoding'],
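Review bot: Setting `session.cache_limiter` to `private` on the added `ini_set` line lets the browser store authenticated pages: PHP then sends `Cache-Control: private` with a max-age taken from `session.cache_expire` instead of the default `nocache` headers. On a shared workstation, accounting pages could then be shown again from the local cache after logout. If the setting is kept to avoid 'page expired' on back-navigation, the comment should name that trade-off and the lifetime should be bounded before the session starts, e.g. `ini_set('session.cache_expire', 5); // minutes (sample value)`. Separately, `hook_session_start(@$_POST["company_login_name"])` passes a pre-authentication request value to hook code with the notice suppressed. `isset($_POST["company_login_name"]) ? $_POST["company_login_name"] : null` is explicit, and hook implementations, which are not visible here, should treat the argument as untrusted.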
include_once($path_to_root . "/includes/access_levels.inc");
include_once($path_to_root . "/version.php");
include_once($path_to_root . "/includes/main.inc");
+include_once($path_to_root . "/includes/app_entries.inc");
// Ajax communication object
$Ajax = new Ajax();
// Incorrect password
login_fail();
}
- $lang = &$_SESSION['language'];
- $lang->set_language($_SESSION['language']->code);
}
} else
- set_global_connection();
+ { set_global_connection();
+ if (db_fixed())
+ db_set_encoding($_SESSION['language']->encoding);
+ }
if (!isset($_SESSION["App"])) {
$_SESSION["App"] = new front_accounting();
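Review bot: The rewritten `else` branch puts the opening brace and `set_global_connection();` on one line, unlike the brace-on-its-own-line layout used elsewhere in the file, and this makes it easy to miss that the branch now holds two statements. Splitting it into `else`, `{` and `set_global_connection();` on separate lines would match the surrounding code. The new `db_set_encoding($_SESSION['language']->encoding)` call also deserves a one-line comment saying why the charset is re-applied here and what `db_fixed()` tests, since neither is visible in this hunk. The enclosing `if` starts outside the hunk.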
// POST vars cleanup needed for direct reuse.
// We quote all values later with db_escape() before db update.
$_POST = strip_quotes($_POST);
-
-?>
\ No newline at end of file