X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fsession.inc;h=04518e7b7a12040e6560b4a0da8edcebf1bbbec9;hb=3df0648d1513215ea28378e679d4291d3e609ba6;hp=da23735e62df03ebaafded64fef8d3b5e72412c5;hpb=53d942f2a0d20cce5e9c409c6485867ce0869e4d;p=fa-stable.git
diff --git a/includes/session.inc b/includes/session.inc
index da23735e..04518e7b 100644
--- a/includes/session.inc
+++ b/includes/session.inc
@@ -21,7 +21,11 @@ class SessionManager
$https = isset($secure) ? $secure : (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off');
// Set session cookie options
- session_set_cookie_params($limit, $path, $domain, $https, true);
+ if (version_compare(PHP_VERSION, '5.2', '<')) // avoid failure on older php versions
+ session_set_cookie_params($limit, $path, $domain, $https);
+ else
+ session_set_cookie_params($limit, $path, $domain, $https, true);
+
session_start();
// Make sure the session hasn't expired, and destroy it if it has
@@ -140,6 +144,35 @@ function login_fail()
die();
}
+function password_reset_fail()
+{
+ global $path_to_root;
+
+ echo "
" . _("Incorrect Email") . "
";
+ echo "" . _("The email address does not exist in the system.") . "
";
+
+ echo _("If you are not an authorized user, please contact your system administrator to obtain an account to enable you to use the system.");
+ echo "
" . _("Try again") . "";
+ echo "";
+
+ kill_login();
+ die();
+}
+
+function password_reset_success()
+{
+ global $path_to_root;
+
+ echo "
" . _("New password sent") . "
";
+ echo "" . _("A new password has been sent to your mailbox.") . "
";
+
+ echo "
" . _("Login here") . "";
+ echo "";
+
+ kill_login();
+ die();
+}
+
function check_faillog()
{
global $login_delay, $login_faillog, $login_max_attempts;
@@ -184,7 +217,7 @@ function write_login_filelog($login, $result)
$msg .= "*/\n";
$msg .= "\$login_faillog = " .var_export($login_faillog, true). ";\n";
- $filename = $path_to_root."/faillog.php";
+ $filename = $path_to_root."/tmp/faillog.php";
if ((!file_exists($filename) && is_writable($path_to_root)) || is_writable($filename))
{
@@ -367,7 +400,7 @@ include_once($path_to_root . "/config.php");
get_text_init();
if ($login_delay > 0)
- @include_once($path_to_root . "/faillog.php");
+ @include_once($path_to_root . "/tmp/faillog.php");
// Page Initialisation
if (!isset($_SESSION['wa_current_user']) || !$_SESSION['wa_current_user']->logged_in()
@@ -412,7 +445,7 @@ html_cleanup($_SERVER);
// logout.php is the only page we should have always
// accessable regardless of access level and current login status.
-if (strstr($_SERVER['PHP_SELF'], 'logout.php') == false){
+if (!defined('FA_LOGOUT_PHP_FILE')){
login_timeout();
@@ -423,6 +456,33 @@ if (strstr($_SERVER['PHP_SELF'], 'logout.php') == false){
if (!$_SESSION["wa_current_user"]->logged_in())
{
+ if (@$allow_password_reset && !$allow_demo_mode
+ && (isset($_GET['reset']) || isset($_POST['email_entry_field']))) {
+ if (!isset($_POST["email_entry_field"])) {
+ include($path_to_root . "/access/password_reset.php");
+ exit();
+ }
+ else {
+ if (isset($_POST["company_login_nickname"]) && !isset($_POST["company_login_name"])) {
+ for ($i = 0; $i < count($db_connections); $i++) {
+ if ($db_connections[$i]["name"] == $_POST["company_login_nickname"]) {
+ $_POST["company_login_name"] = $i;
+ unset($_POST["company_login_nickname"]);
+ break 1; // cannot pass variables to break from PHP v5.4 onwards
+ }
+ }
+ }
+ $_succeed = isset($db_connections[$_POST["company_login_name"]]) &&
+ $_SESSION["wa_current_user"]->reset_password($_POST["company_login_name"],
+ $_POST["email_entry_field"]);
+ if ($_succeed)
+ {
+ password_reset_success();
+ }
+
+ password_reset_fail();
+ }
+ }
// Show login screen
if (!isset($_POST["user_name_entry_field"]) or $_POST["user_name_entry_field"] == "")
{