X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fsession.inc;h=869ce9a805820d5ee5ccb4145b72e07ebf850f00;hb=81dd5f392e49a94960c250053e375ed135ac9bad;hp=4712f742b57c608055646bb988da0cc5140d4701;hpb=aac0d5aae41709ca3a890e1bd064163a0d5f53d6;p=fa-stable.git diff --git a/includes/session.inc b/includes/session.inc index 4712f742..869ce9a8 100644 --- a/includes/session.inc +++ b/includes/session.inc @@ -21,7 +21,11 @@ class SessionManager $https = isset($secure) ? $secure : (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off'); // Set session cookie options - session_set_cookie_params($limit, $path, $domain, $https, true); + if (version_compare(PHP_VERSION, '5.2', '<')) // avoid failure on older php versions + session_set_cookie_params($limit, $path, $domain, $https); + else + session_set_cookie_params($limit, $path, $domain, $https, true); + session_start(); // Make sure the session hasn't expired, and destroy it if it has @@ -77,7 +81,6 @@ class SessionManager // Create new session without destroying the old one session_regenerate_id(); - // Grab current session ID and close both sessions to allow other scripts to use them $newSession = session_id(); session_write_close(); @@ -185,7 +188,7 @@ function write_login_filelog($login, $result) $msg .= "*/\n"; $msg .= "\$login_faillog = " .var_export($login_faillog, true). ";\n"; - $filename = $path_to_root."/faillog.php"; + $filename = $path_to_root."/tmp/faillog.php"; if ((!file_exists($filename) && is_writable($path_to_root)) || is_writable($filename)) { @@ -366,7 +369,7 @@ include_once($path_to_root . "/config.php"); get_text_init(); if ($login_delay > 0) - @include_once($path_to_root . "/faillog.php"); + @include_once($path_to_root . "/tmp/faillog.php"); // Page Initialisation if (!isset($_SESSION['language']) || !method_exists($_SESSION['language'], 'set_language')) 
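Review bot: In the `@@ -21,7 +21,11 @@` hunk the PHP < 5.2 branch issues the session cookie without the HttpOnly flag, and the only comment (`// avoid failure on older php versions`) does not say so. On those interpreters the session id stays readable from page script, so the trade-off should be recorded where it is made, e.g. `// PHP < 5.2 has no httponly parameter: the session cookie is NOT HttpOnly on these versions`. The braceless `if`/`else` around two near-identical calls would also be easier to audit with braces. The enclosing method starts and ends outside the hunk.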
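Review bot: The creation check in the `@@ -185,7 +188,7 @@` hunk still tests `is_writable($path_to_root)` although `$filename` now points into `tmp/`. On an install where the root is read-only and only `tmp/` is writable the file is never created, so the failed-login record that the `$login_delay` handling loads would presumably stay empty without any error. The directory test should follow the new path: `if ((!file_exists($filename) && is_writable(dirname($filename))) || is_writable($filename))`. `write_login_filelog()` begins and ends outside the hunk.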
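Review bot: The `@include_once` in the `@@ -366,7 +369,7 @@` hunk executes a PHP file from `tmp/`, a directory the application itself writes to (see the `is_writable` test in `write_login_filelog()`). Whatever else can write to that directory gets its content run on every request while `$login_delay > 0`, and the `@` hides a missing or unreadable file. A comment here should state that `tmp/` must be writable by the application only and must never receive uploads. Keeping the counters as data that is parsed rather than included would remove that dependency.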
@@ -409,7 +412,7 @@ html_cleanup($_SERVER);
 // logout.php is the only page we should have always
 // accessable regardless of access level and current login status.
-if (strstr($_SERVER['PHP_SELF'], 'logout.php') == false){
+if (!defined('FA_LOGOUT_PHP_FILE')){
 login_timeout();
@@ -452,6 +455,14 @@ if (strstr($_SERVER['PHP_SELF'], 'logout.php') == false){
 // Incorrect password
 login_fail();
 }
+ elseif(isset($_SESSION['timeout']) && !$_SESSION['timeout']['post'])
+ {
+ // in case of GET request redirect to avoid confirmation dialog
+ // after return from menu option
+ header("HTTP/1.1 303 See Other");
+ header("Location: ".$_SESSION['timeout']['uri']);
+ exit();
+ }
 $lang = &$_SESSION['language'];
 $lang->set_language($_SESSION['language']->code);
 }
@@ -470,4 +481,4 @@ $SysPrefs = &$_SESSION['SysPrefs'];
 // We quote all values later with db_escape() before db update.
 $_POST = strip_quotes($_POST);
-?>
\ No newline at end of file
+?>
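Review bot: The guard in the `@@ -409,7 +412,7 @@` hunk depends on `FA_LOGOUT_PHP_FILE`, whose definition is not part of this diff and is not explained at the point of use. Any script that defines the constant before including session.inc skips `login_timeout()` and, it appears, the login handling in the same block, so the contract should be written down here: `// FA_LOGOUT_PHP_FILE may be defined only by logout.php, before session.inc is included`. The `if` block closes outside the hunk.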
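Review bot: `$_SESSION['timeout']['uri']` goes into the `Location` header unchecked in the `@@ -452,6 +455,14 @@` hunk. Where that value is stored is outside this diff; if it is copied from the request URI, a value that is not a plain same-site path would send the user who has just logged in to another host. Assuming the stored value is meant to be a root-relative path, the branch can require that before redirecting: `elseif (isset($_SESSION['timeout']) && !$_SESSION['timeout']['post'] && preg_match('#^/(?![/\\\\])#', $_SESSION['timeout']['uri']))`. The surrounding `if` chain starts outside the hunk.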