X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fsession.inc;h=fe3c795321c322ffd92a564db9efe2dbac557ce9;hb=d907208297556310cc7c51fcb9086869c880ab2d;hp=71206521fda2bd2d89471b85e868862fed4b4e99;hpb=e685a94465fe8f26c8ff3789242b43c1c20054cf;p=fa-stable.git diff --git a/includes/session.inc b/includes/session.inc index 71206521..fe3c7953 100644 --- a/includes/session.inc +++ b/includes/session.inc @@ -133,15 +133,13 @@ function kill_login() function login_fail() { global $path_to_root; - + header("HTTP/1.1 401 Authorization Required"); echo "


" . _("Incorrect Password") . "

"; echo "" . _("The user and password combination is not valid for the system.") . "

"; - echo _("If you are not an authorized user, please contact your system administrator to obtain an account to enable you to use the system."); echo "
" . _("Try again") . ""; echo "
"; - kill_login(); die(); } @@ -181,6 +179,7 @@ function check_faillog() $user = $_SESSION["wa_current_user"]->user; + $_SESSION["wa_current_user"]->login_attempt++; if (@$SysPrefs->login_delay && (@$login_faillog[$user][$_SERVER['REMOTE_ADDR']] >= @$SysPrefs->login_max_attempts) && (time() < $login_faillog[$user]['last'] + $SysPrefs->login_delay)) return true; @@ -414,9 +413,11 @@ if ((!isset($SysPrefs->login_max_attempts)) || ($SysPrefs->login_max_attempts < $SysPrefs->login_max_attempts = 3; if ($SysPrefs->go_debug > 0) - error_reporting(-1); + $cur_error_level = -1; else - error_reporting(E_USER_WARNING|E_USER_ERROR|E_USER_NOTICE); + $cur_error_level = E_USER_WARNING|E_USER_ERROR|E_USER_NOTICE; + +error_reporting($cur_error_level); ini_set("display_errors", "On"); if ($SysPrefs->error_logfile != '') { @@ -532,10 +533,10 @@ if (!defined('FA_LOGOUT_PHP_FILE')){ $_SESSION['timeout'] = array( 'uri'=>preg_replace('/JsHttpRequest=(?:(\d+)-)?([^&]+)/s', '', html_specials_encode($_SERVER['REQUEST_URI'])), 'post' => $_POST); - + if (in_ajax()) + $Ajax->popup($path_to_root ."/access/timeout.php"); + else include($path_to_root . "/access/login.php"); - if (in_ajax()) - $Ajax->activate('_page_body'); exit; } else { if (isset($_POST["company_login_nickname"]) && !isset($_POST["company_login_name"])) { @@ -555,7 +556,11 @@ if (!defined('FA_LOGOUT_PHP_FILE')){ if (!$succeed) { // Incorrect password - login_fail(); + if (isset($_SESSION['timeout'])) { + include($path_to_root . "/access/login.php"); + exit; + } else + login_fail(); } elseif(isset($_SESSION['timeout']) && !$_SESSION['timeout']['post']) {
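Review bot: With `kill_login();` removed from `login_fail()`, the session now outlives a rejected login, so whatever the failed attempt left in `$_SESSION` is still there on the next request, including the `wa_current_user` object that `check_faillog()` reads. That is presumably intended so that the attempt counter survives. Nothing visible in this diff shows the user object being reset to a logged-out state, or the session id being regenerated once a later attempt succeeds; both should be confirmed in the login path. A comment above `die();` such as `// session kept on purpose: login_attempt must survive a failed login` would record why the cleanup was dropped.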
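Review bot: `$_SESSION["wa_current_user"]->login_attempt++` counts attempts per session, so a client that discards its session cookie starts again at zero; it must not be relied on as a throttle. The condition below it keeps the actual limit in `$login_faillog[$user][$_SERVER['REMOTE_ADDR']]`, so the counter is presumably for flow control or display only. A comment would make that explicit, e.g. `// per-session counter, not a lockout control; the limit is enforced via $login_faillog`. The increment also runs on every call, including calls that then return true for a user who is already locked out. check_faillog() begins and ends outside the hunk.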
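Review bot: `$cur_error_level` becomes a new file-scope variable with no comment on who reads it after `error_reporting($cur_error_level);`. If the value is kept for later use (an error handler, say), state that at the assignment; otherwise a single expression is simpler: `error_reporting($SysPrefs->go_debug > 0 ? -1 : (E_USER_WARNING|E_USER_ERROR|E_USER_NOTICE));`. The unchanged line that follows leaves `display_errors` on in both branches, so in debug mode every notice and warning is rendered into the response, which can expose file paths and query text to anyone who can reach the page. Confirm that `go_debug` is off on any installation reachable by untrusted users.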
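Review bot: The new `if (in_ajax()) ... else` has no braces, and the `else` body is the unchanged `include($path_to_root . "/access/login.php");` line, so the pairing is visible only in the diff and is easy to break with a later edit; put braces around both branches. Separately, the context lines above store the whole `$_POST` in `$_SESSION['timeout']`, presumably for use after re-login, and the popup adds a second way to re-authenticate into that state. Nothing visible here ties the saved request to the user who timed out, so the code that consumes it should check that the same user logged back in before using it. The enclosing `if (!defined('FA_LOGOUT_PHP_FILE'))` block starts and ends outside the hunk.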
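Review bot: A wrong password during a timed-out session now re-includes `access/login.php` and exits without calling `login_fail()`, so that failure is answered with the ordinary login form and never sends the `HTTP/1.1 401 Authorization Required` status that `login_fail()` emits. Log review or monitoring keyed on that status will not see these failures. `$_SESSION['timeout']`, with its saved `$_POST`, also stays in the session across any number of failed attempts. If the Ajax client tolerates it, send the status before the include, `header("HTTP/1.1 401 Authorization Required");`, and consider dropping the saved request once `login_max_attempts` is reached. The enclosing block starts and ends outside the hunk.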