X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;ds=inline;f=includes%2Fsession.inc;h=22644aec2fe2955352ab212c4e7c6f2a4b4aebb3;hb=f911dbdc3b4be63c51c25cdf98cc0b7c2e54dffb;hp=52d16bdf3e0f951233f19f5f293f89eb28de6633;hpb=0c760ea65c8c6f0a45ea8328abab53be649f2105;p=fa-stable.git diff --git a/includes/session.inc b/includes/session.inc index 52d16bdf..22644aec 100644 --- a/includes/session.inc +++ b/includes/session.inc @@ -21,7 +21,11 @@ class SessionManager $https = isset($secure) ? $secure : (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off'); // Set session cookie options - session_set_cookie_params($limit, $path, $domain, $https, true); + if (version_compare(PHP_VERSION, '5.2', '<')) // avoid failure on older php versions + session_set_cookie_params($limit, $path, $domain, $https); + else + session_set_cookie_params($limit, $path, $domain, $https, true); + session_start(); // Make sure the session hasn't expired, and destroy it if it has @@ -77,7 +81,6 @@ class SessionManager // Create new session without destroying the old one session_regenerate_id(); - // Grab current session ID and close both sessions to allow other scripts to use them $newSession = session_id(); session_write_close(); @@ -140,14 +143,6 @@ function login_fail() kill_login(); die(); } -//---------------------------------------------------------------------------------------- -// set to reasonable values if not set in config file (pre-2.3.12 installations) - -if (!isset($login_delay)) -{ - $login_delay = 10; - $login_max_attempts = 3; -} function check_faillog() { @@ -193,7 +188,7 @@ function write_login_filelog($login, $result) $msg .= "*/\n"; $msg .= "\$login_faillog = " .var_export($login_faillog, true). ";\n"; - $filename = $path_to_root."/faillog.php"; + $filename = $path_to_root."/tmp/faillog.php"; if ((!file_exists($filename) && is_writable($path_to_root)) || is_writable($filename)) { @@ -318,6 +313,16 @@ if (!isset($path_to_root)) $path_to_root = "."; } +//---------------------------------------------------------------------------------------- +// set to reasonable values if not set in config file (pre-2.3.12 installations) + +if ((!isset($login_delay)) || ($login_delay < 0)) + $login_delay = 10; + +if ((!isset($login_max_attempts)) || ($login_max_attempts < 0)) + $login_max_attempts = 3; + + // Prevent register_globals vulnerability if (isset($_GET['path_to_root']) || isset($_POST['path_to_root'])) die("Restricted access"); @@ -331,7 +336,6 @@ include_once($path_to_root . "/frontaccounting.php"); include_once($path_to_root . "/admin/db/security_db.inc"); include_once($path_to_root . "/includes/lang/language.php"); include_once($path_to_root . "/config_db.php"); -@include_once($path_to_root . "/faillog.php"); include_once($path_to_root . "/includes/ajax.inc"); include_once($path_to_root . "/includes/ui/ui_msgs.inc"); include_once($path_to_root . "/includes/prefs/sysprefs.inc"); @@ -366,6 +370,9 @@ header("Cache-control: private"); include_once($path_to_root . "/config.php"); get_text_init(); +if ($login_delay > 0) + @include_once($path_to_root . "/tmp/faillog.php"); + // Page Initialisation if (!isset($_SESSION['wa_current_user']) || !$_SESSION['wa_current_user']->logged_in() || !isset($_SESSION['language']) || !method_exists($_SESSION['language'], 'set_language')) @@ -452,6 +459,16 @@ if (strstr($_SERVER['PHP_SELF'], 'logout.php') == false){ // Incorrect password login_fail(); } + elseif(isset($_SESSION['timeout']) && !$_SESSION['timeout']['post']) + { + // in case of GET request redirect to avoid confirmation dialog + // after return from menu option + header("HTTP/1.1 303 See Other"); + header("Location: ".$_SESSION['timeout']['uri']); + exit(); + } + $lang = &$_SESSION['language']; + $lang->set_language($_SESSION['language']->code); } } else { set_global_connection();