X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fsession.inc;h=bb061e435c541bf8554f545ab551f4b4f90f69f2;hb=e7fb3a02d86a3bc88387280561d802d4744e8885;hp=3ec67df1be0134276def5c0b1ad0f0539f5478a0;hpb=a2ae0e35302270ae811db2e6acb44c16b186a970;p=fa-stable.git diff --git a/includes/session.inc b/includes/session.inc index 3ec67df1..bb061e43 100644 --- a/includes/session.inc +++ b/includes/session.inc @@ -9,6 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ +define('VARLIB_PATH', $path_to_root.'/tmp'); +define('VARLOG_PATH', $path_to_root.'/tmp'); class SessionManager { @@ -131,15 +133,13 @@ function kill_login() function login_fail() { global $path_to_root; - + header("HTTP/1.1 401 Authorization Required"); echo "


" . _("Incorrect Password") . "

"; echo "" . _("The user and password combination is not valid for the system.") . "

"; - echo _("If you are not an authorized user, please contact your system administrator to obtain an account to enable you to use the system."); echo "
" . _("Try again") . ""; echo "
"; - kill_login(); die(); } @@ -179,6 +179,7 @@ function check_faillog() $user = $_SESSION["wa_current_user"]->user; + $_SESSION["wa_current_user"]->login_attempt++; if (@$SysPrefs->login_delay && (@$login_faillog[$user][$_SERVER['REMOTE_ADDR']] >= @$SysPrefs->login_max_attempts) && (time() < $login_faillog[$user]['last'] + $SysPrefs->login_delay)) return true; @@ -227,9 +228,9 @@ function write_login_filelog($login, $result) $msg .= "*/\n"; $msg .= "\$login_faillog = " .var_export($login_faillog, true). ";\n"; - $filename = $path_to_root."/tmp/faillog.php"; + $filename = VARLIB_PATH."/faillog.php"; - if ((!file_exists($filename) && is_writable($path_to_root.'/tmp')) || is_writable($filename)) + if ((!file_exists($filename) && is_writable(VARLIB_PATH)) || is_writable($filename)) { file_put_contents($filename, $msg); cache_invalidate($filename); @@ -310,7 +311,7 @@ function set_page_security($value=null, $trans = array(), $gtrans = array()) // function strip_quotes($data) { - if(get_magic_quotes_gpc()) { + if(version_compare(phpversion(), '5.4', '<') && get_magic_quotes_gpc()) { if(is_array($data)) { foreach($data as $k => $v) { $data[$k] = strip_quotes($data[$k]); @@ -372,6 +373,7 @@ if (isset($_GET['path_to_root']) || isset($_POST['path_to_root'])) include_once($path_to_root . "/includes/errors.inc"); // colect all error msgs set_error_handler('error_handler' /*, errtypes */); +set_exception_handler('exception_handler'); include_once($path_to_root . "/includes/current_user.inc"); include_once($path_to_root . "/frontaccounting.php"); @@ -391,6 +393,9 @@ foreach ($installed_extensions as $ext) if (file_exists($path_to_root.'/'.$ext['path'].'/hooks.php')) include_once($path_to_root.'/'.$ext['path'].'/hooks.php'); } + +ini_set('session.gc_maxlifetime', 36000); // moved from below. + $Session_manager = new SessionManager(); $Session_manager->sessionStart('FA'.md5(dirname(__FILE__))); @@ -424,9 +429,9 @@ if ($SysPrefs->error_logfile != '') { to avoid unexpeced session timeouts. Make sure this directory exists and is writable! */ -// ini_set('session.save_path', dirname(__FILE__).'/../tmp/'); +// ini_set('session.save_path', VARLIB_PATH.'/'); -ini_set('session.gc_maxlifetime', 36000); // 10hrs +// ini_set('session.gc_maxlifetime', 36000); // 10hrs - moved to before session_manager hook_session_start(@$_POST["company_login_name"]); @@ -435,8 +440,8 @@ header("Cache-control: private"); get_text_init(); -if ($SysPrefs->login_delay > 0) - @include_once($path_to_root . "/tmp/faillog.php"); +if ($SysPrefs->login_delay > 0 && file_exists(VARLIB_PATH."/faillog.php")) + include_once(VARLIB_PATH."/faillog.php"); // Page Initialisation if (!isset($_SESSION['wa_current_user']) || !$_SESSION['wa_current_user']->logged_in() @@ -485,7 +490,7 @@ if (!defined('FA_LOGOUT_PHP_FILE')){ login_timeout(); - if (!$_SESSION["wa_current_user"]->old_db) + if (!$_SESSION["wa_current_user"]->old_db && file_exists($path_to_root . '/company/'.user_company().'/installed_extensions.php')) include($path_to_root . '/company/'.user_company().'/installed_extensions.php'); install_hooks(); @@ -526,10 +531,10 @@ if (!defined('FA_LOGOUT_PHP_FILE')){ $_SESSION['timeout'] = array( 'uri'=>preg_replace('/JsHttpRequest=(?:(\d+)-)?([^&]+)/s', '', html_specials_encode($_SERVER['REQUEST_URI'])), 'post' => $_POST); - + if (in_ajax()) + $Ajax->popup($path_to_root ."/access/timeout.php"); + else include($path_to_root . "/access/login.php"); - if (in_ajax()) - $Ajax->activate('_page_body'); exit; } else { if (isset($_POST["company_login_nickname"]) && !isset($_POST["company_login_name"])) { @@ -549,13 +554,17 @@ if (!defined('FA_LOGOUT_PHP_FILE')){ if (!$succeed) { // Incorrect password - login_fail(); + if (isset($_SESSION['timeout'])) { + include($path_to_root . "/access/login.php"); + exit; + } else + login_fail(); } elseif(isset($_SESSION['timeout']) && !$_SESSION['timeout']['post']) { // in case of GET request redirect to avoid confirmation dialog // after return from menu option - header("HTTP/1.1 303 See Other"); + header("HTTP/1.1 307 Temporary Redirect"); header("Location: ".$_SESSION['timeout']['uri']); exit(); }