[0005266] Fixed timeouts in ajax contexts.
[fa-stable.git] / includes / session.inc
index 3f8c525d32b80a2957642db34dbc036179a2badb..e87f8bf187b75acd6c56f66c0805bfc19aa7cade 100644 (file)
@@ -133,15 +133,13 @@ function kill_login()
 function login_fail()
 {
        global $path_to_root;
-       
+
        header("HTTP/1.1 401 Authorization Required");
        echo "<center><br><br><font size='5' color='red'><b>" . _("Incorrect Password") . "<b></font><br><br>";
        echo "<b>" . _("The user and password combination is not valid for the system.") . "<b><br><br>";
-
        echo _("If you are not an authorized user, please contact your system administrator to obtain an account to enable you to use the system.");
        echo "<br><a href='$path_to_root/index.php'>" . _("Try again") . "</a>";
        echo "</center>";
-
        kill_login();
        die();
 }
@@ -312,7 +310,7 @@ function set_page_security($value=null, $trans = array(), $gtrans = array())
 //
 function strip_quotes($data)
 {
-       if(get_magic_quotes_gpc()) {
+       if(version_compare(phpversion(), '5.4', '<') && get_magic_quotes_gpc()) {
                if(is_array($data)) {
                        foreach($data as $k => $v) {
                                $data[$k] = strip_quotes($data[$k]);
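Review bot: The new guard in `strip_quotes()` has no comment saying why the version test is there, so a later cleanup could drop it as redundant. Magic quotes were removed in PHP 5.4 and `get_magic_quotes_gpc()` itself was deprecated and later removed, so the short-circuit is what keeps the call from being reached on newer interpreters. Suggest a line above the `if` such as `// magic_quotes_gpc no longer exists from PHP 5.4 on; only call get_magic_quotes_gpc() on older versions`. Comparing against the `PHP_VERSION` constant would also avoid a function call on every recursive invocation. The function body continues outside the hunk.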
@@ -394,6 +392,9 @@ foreach ($installed_extensions as $ext)
        if (file_exists($path_to_root.'/'.$ext['path'].'/hooks.php'))
                include_once($path_to_root.'/'.$ext['path'].'/hooks.php');
 }
+
+ini_set('session.gc_maxlifetime', 36000); // moved from below.
+
 $Session_manager = new SessionManager();
 $Session_manager->sessionStart('FA'.md5(dirname(__FILE__)));
 
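Review bot: The comment `// moved from below.` on the added `ini_set` line records history rather than intent, and the live line no longer says what the value means. Suggest `ini_set('session.gc_maxlifetime', 36000); // 10h; must be set before sessionStart() to apply to this session`. The commented-out copy left behind in the next hunk should be deleted rather than kept. Note also that `session.gc_maxlifetime` only decides when session data becomes eligible for garbage collection; it is not an enforced idle timeout. Ten hours is a long window for an authenticated session, so the application's own timeout handling (presumably the `$_SESSION['timeout']` logic further down) is what has to bound idle time.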
@@ -429,7 +430,7 @@ if ($SysPrefs->error_logfile != '') {
 */
 // ini_set('session.save_path', VARLIB_PATH.'/');
 
-ini_set('session.gc_maxlifetime', 36000); // 10hrs
+// ini_set('session.gc_maxlifetime', 36000); // 10hrs - moved to before session_manager
 
 hook_session_start(@$_POST["company_login_name"]);
 
@@ -530,9 +531,10 @@ if (!defined('FA_LOGOUT_PHP_FILE')){
                                        '', html_specials_encode($_SERVER['REQUEST_URI'])),
                                'post' => $_POST);
 
+               if (in_ajax())
+                       $Ajax->popup($path_to_root ."/access/timeout.php");
+               else
                        include($path_to_root . "/access/login.php");
-                       if (in_ajax())
-                               $Ajax->activate('_page_body');
                        exit;
                } else {
                        if (isset($_POST["company_login_nickname"]) && !isset($_POST["company_login_name"])) {
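Review bot: The added `if (in_ajax()) … else` is written without braces, and `include(...)` and `exit;` sit at the same indentation under `else`, so `exit;` reads as part of the else branch when it actually runs after both branches. Brace both branches and bring `exit;` back to the indentation of the `if`, e.g. `if (in_ajax()) { $Ajax->popup($path_to_root ."/access/timeout.php"); } else { include($path_to_root . "/access/login.php"); }` followed by `exit;`. Ending the request on a session timeout is an access-control decision, so it should not depend on how a later edit to the unbraced `else` is read. The enclosing block starts and ends outside the hunk.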
@@ -552,13 +554,17 @@ if (!defined('FA_LOGOUT_PHP_FILE')){
                        if (!$succeed)
                        {
                        // Incorrect password
-                               login_fail();
+                               if (isset($_SESSION['timeout'])) {
+                                       include($path_to_root . "/access/login.php");
+                                       exit;
+                               } else
+                                       login_fail();
                        }
                        elseif(isset($_SESSION['timeout']) && !$_SESSION['timeout']['post'])
                        {
                                // in case of GET request redirect to avoid confirmation dialog 
                                // after return from menu option
-                               header("HTTP/1.1 303 See Other");
+                               header("HTTP/1.1 307 Temporary Redirect");
                                header("Location: ".$_SESSION['timeout']['uri']);
                                exit();
                        }
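Review bot: Switching the redirect to `307 Temporary Redirect` tells the client to repeat the request with the same method and body. The request answered here appears to be the login POST, so the submitted login fields, password included, would be re-sent to `$_SESSION['timeout']['uri']`. That also contradicts the comment just above about avoiding the resubmission dialog for GET requests. `303 See Other` is the status that turns the follow-up into a GET, so unless the ajax fix needs 307 for a reason not visible in this hunk, keep `header("HTTP/1.1 303 See Other");`. Separately, the new `isset($_SESSION['timeout'])` branch re-displays the login form after a wrong password without the 401 status or the `kill_login()` call that `login_fail()` performs, so confirm that failed attempts on this path are still logged and counted, and that the stale session cannot be used while the form is shown.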