Release 2.3.25.

[fa-stable.git] / includes / session.inc

diff --git a/includes/session.inc b/includes/session.inc
index 1b9c5ce2daa48631079f207014ee2882f22f8cb3..cafdc15f3d8838a58e017d09f2eb5452a1d56ef7 100644 (file)
--- a/includes/session.inc
+++ b/includes/session.inc
@@ -37,7 +37,7 @@ class SessionManager
                                // Reset session data and regenerate id
                                $_SESSION = array();
                                $_SESSION['IPaddress'] = $_SERVER['REMOTE_ADDR'];
-                               $_SESSION['userAgent'] = $_SERVER['HTTP_USER_AGENT'];
+                               $_SESSION['userAgent'] = @$_SERVER['HTTP_USER_AGENT'];
                                $this->regenerateSession();
 
                        // Give a 5% chance of the session id changing on any request
@@ -63,7 +63,7 @@ class SessionManager
                if ($_SESSION['IPaddress'] != $_SERVER['REMOTE_ADDR'])
                        return false;
 
-               if ( $_SESSION['userAgent'] != $_SERVER['HTTP_USER_AGENT'])
+               if ( $_SESSION['userAgent'] != @$_SERVER['HTTP_USER_AGENT'])
                        return false;
 
                return true;
@@ -149,9 +149,9 @@ function password_reset_fail()
        global $path_to_root;
        
   echo "<center><br><br><font size='5' color='red'><b>" . _("Incorrect Email") . "<b></font><br><br>";
-  echo "<b>" . _("The email address does not exist in the system.") . "<b><br><br>";
+  echo "<b>" . _("The email address does not exist in the system, or is used by more than one user.") . "<b><br><br>";
 
-  echo _("If you are not an authorized user, please contact your system administrator to obtain an account to enable you to use the system.");
+  echo _("Plase try again or contact your system administrator to obtain new password.");
   echo "<br><a href='$path_to_root/index.php?reset=1'>" . _("Try again") . "</a>";
   echo "</center>";
 
@@ -316,7 +316,7 @@ function html_cleanup(&$parms)
                if (is_array($value))
                        html_cleanup($parms[$name]);
                else
-                       $parms[$name] = @htmlspecialchars($value, ENT_QUOTES, $_SESSION['language']->encoding);
+                       $parms[$name] = @htmlspecialchars($value, ENT_QUOTES, $_SESSION['language']->encoding=='iso-8859-2' ? 'ISO-8859-1' : $_SESSION['language']->encoding);
        }
        reset($parms); // needed for direct key() usage later throughout the sources
 }
@@ -484,7 +484,8 @@ if (!defined('FA_LOGOUT_PHP_FILE')){
                {
                        // strip ajax marker from uri, to force synchronous page reload
                        $_SESSION['timeout'] = array( 'uri'=>preg_replace('/JsHttpRequest=(?:(\d+)-)?([^&]+)/s',
-                                       '', @htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, $_SESSION['language']->encoding)), 
+                                       '', @htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, $_SESSION['language']->encoding=='iso-8859-2'
+                                                ? 'ISO-8859-1' : $_SESSION['language']->encoding)), 
                                'post' => $_POST);
 
                        include($path_to_root . "/access/login.php");