// Reset session data and regenerate id
$_SESSION = array();
$_SESSION['IPaddress'] = $_SERVER['REMOTE_ADDR'];
- $_SESSION['userAgent'] = $_SERVER['HTTP_USER_AGENT'];
+ $_SESSION['userAgent'] = @$_SERVER['HTTP_USER_AGENT'];
$this->regenerateSession();
// Give a 5% chance of the session id changing on any request
if ($_SESSION['IPaddress'] != $_SERVER['REMOTE_ADDR'])
return false;
- if ( $_SESSION['userAgent'] != $_SERVER['HTTP_USER_AGENT'])
+ if ( $_SESSION['userAgent'] != @$_SERVER['HTTP_USER_AGENT'])
return false;
return true;
die();
}
+function password_reset_fail()
+{
+ global $path_to_root;
+
+ echo "<center><br><br><font size='5' color='red'><b>" . _("Incorrect Email") . "<b></font><br><br>";
+ echo "<b>" . _("The email address does not exist in the system, or is used by more than one user.") . "<b><br><br>";
+
+ echo _("Plase try again or contact your system administrator to obtain new password.");
+ echo "<br><a href='$path_to_root/index.php?reset=1'>" . _("Try again") . "</a>";
+ echo "</center>";
+
+ kill_login();
+ die();
+}
+
+function password_reset_success()
+{
+ global $path_to_root;
+
+ echo "<center><br><br><font size='5' color='green'><b>" . _("New password sent") . "<b></font><br><br>";
+ echo "<b>" . _("A new password has been sent to your mailbox.") . "<b><br><br>";
+
+ echo "<br><a href='$path_to_root/index.php'>" . _("Login here") . "</a>";
+ echo "</center>";
+
+ kill_login();
+ die();
+}
+
function check_faillog()
{
global $login_delay, $login_faillog, $login_max_attempts;
if (is_array($value))
html_cleanup($parms[$name]);
else
- $parms[$name] = @htmlspecialchars($value, ENT_QUOTES, $_SESSION['language']->encoding);
+ $parms[$name] = @htmlspecialchars($value, ENT_QUOTES, $_SESSION['language']->encoding=='iso-8859-2' ? 'ISO-8859-1' : $_SESSION['language']->encoding);
}
reset($parms); // needed for direct key() usage later throughout the sources
}
// logout.php is the only page we should have always
// accessable regardless of access level and current login status.
-if (strstr($_SERVER['PHP_SELF'], 'logout.php') == false){
+if (!defined('FA_LOGOUT_PHP_FILE')){
login_timeout();
if (!$_SESSION["wa_current_user"]->logged_in())
{
+ if (@$allow_password_reset && !$allow_demo_mode
+ && (isset($_GET['reset']) || isset($_POST['email_entry_field']))) {
+ if (!isset($_POST["email_entry_field"])) {
+ include($path_to_root . "/access/password_reset.php");
+ exit();
+ }
+ else {
+ if (isset($_POST["company_login_nickname"]) && !isset($_POST["company_login_name"])) {
+ for ($i = 0; $i < count($db_connections); $i++) {
+ if ($db_connections[$i]["name"] == $_POST["company_login_nickname"]) {
+ $_POST["company_login_name"] = $i;
+ unset($_POST["company_login_nickname"]);
+ break 1; // cannot pass variables to break from PHP v5.4 onwards
+ }
+ }
+ }
+ $_succeed = isset($db_connections[$_POST["company_login_name"]]) &&
+ $_SESSION["wa_current_user"]->reset_password($_POST["company_login_name"],
+ $_POST["email_entry_field"]);
+ if ($_succeed)
+ {
+ password_reset_success();
+ }
+
+ password_reset_fail();
+ }
+ }
// Show login screen
if (!isset($_POST["user_name_entry_field"]) or $_POST["user_name_entry_field"] == "")
{
// strip ajax marker from uri, to force synchronous page reload
$_SESSION['timeout'] = array( 'uri'=>preg_replace('/JsHttpRequest=(?:(\d+)-)?([^&]+)/s',
- '', @htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, $_SESSION['language']->encoding)),
+ '', @htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, $_SESSION['language']->encoding=='iso-8859-2'
+ ? 'ISO-8859-1' : $_SESSION['language']->encoding)),
'post' => $_POST);
include($path_to_root . "/access/login.php");
// We quote all values later with db_escape() before db update.
$_POST = strip_quotes($_POST);
-?>
\ No newline at end of file
+?>
projects / fa-stable.git / blobdiff