From: Janusz Dobrowolski
Date: Mon, 12 Nov 2012 08:52:41 +0000 (+0100)
Subject: Cleanup in curent_user.inc/session.inc
X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=commitdiff_plain;h=288fe69d4d3abdf2396721a5bcc5762973b8b30f;p=textcart.git
Cleanup in curent_user.inc/session.inc
---
diff --git a/includes/current_user.inc b/includes/current_user.inc
index 3c5a92a..e393252 100644
--- a/includes/current_user.inc
+++ b/includes/current_user.inc
@@ -58,7 +58,7 @@ class current_user
 function login($company, $loginname, $password) {
- global $security_areas, $security_groups, $security_headings, $path_to_root;
+ global $security_areas, $security_groups, $security_headings, $path_to_root, $login_delay;
 $this->set_company($company);
 $this->logged = false;
@@ -73,7 +73,8 @@ class current_user
 if (!isset($Auth_Result)) // if not used: standard method
 $Auth_Result = get_user_auth($loginname, md5($password));
- write_login_filelog($loginname, $Auth_Result);
+ if ($login_delay > 0)
+ write_login_filelog($loginname, $Auth_Result);
 if ($Auth_Result) {
diff --git a/includes/session.inc b/includes/session.inc
index 2688a24..4712f74 100644
--- a/includes/session.inc
+++ b/includes/session.inc
@@ -140,14 +140,6 @@ function login_fail()
 kill_login();
 die();
 }
-//----------------------------------------------------------------------------------------
-// set to reasonable values if not set in config file (pre-2.3.12 installations)
-
-if (!isset($login_delay))
-{
- $login_delay = 10;
- $login_max_attempts = 3;
-}
 function check_faillog() {
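Review bot: With the new `if ($login_delay > 0)` guard in front of `write_login_filelog()`, a delay of 0 no longer just removes the wait but stops failed-login attempts from being recorded at all, so `$login_max_attempts` becomes dead configuration in that case; the conditional `@include_once($path_to_root . "/faillog.php")` added in session.inc couples the two settings in the same way. If that is the intent, make it visible at the guard, e.g. `// login_delay == 0 switches off failed-login logging and lockout entirely (faillog.php is then never loaded)`; otherwise key the logging on `$login_max_attempts` and the delay on `$login_delay` separately. The guard also assumes session.inc has already assigned `$login_delay` (its fallback now runs late in that file), which should hold as long as login() is only reached after session.inc is loaded — worth confirming. The enclosing login() starts and ends outside the hunk. Unrelated to this change, the context line `get_user_auth($loginname, md5($password))` shows plain MD5 as the password credential; that deserves a separate issue rather than this commit.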
@@ -318,6 +310,16 @@ if (!isset($path_to_root))
 $path_to_root = ".";
 }
+//----------------------------------------------------------------------------------------
+// set to reasonable values if not set in config file (pre-2.3.12 installations)
+
+if ((!isset($login_delay)) || ($login_delay < 0))
+ $login_delay = 10;
+
+if ((!isset($login_max_attempts)) || ($login_max_attempts < 0))
+ $login_max_attempts = 3;
+
+
 // Prevent register_globals vulnerability
 if (isset($_GET['path_to_root']) || isset($_POST['path_to_root']))
 die("Restricted access");
@@ -331,7 +333,6 @@ include_once($path_to_root . "/frontaccounting.php");
 include_once($path_to_root . "/admin/db/security_db.inc");
 include_once($path_to_root . "/includes/lang/language.php");
 include_once($path_to_root . "/config_db.php");
-@include_once($path_to_root . "/faillog.php");
 include_once($path_to_root . "/includes/ajax.inc");
 include_once($path_to_root . "/includes/ui/ui_msgs.inc");
 include_once($path_to_root . "/includes/prefs/sysprefs.inc");
@@ -364,6 +365,9 @@ header("Cache-control: private");
 include_once($path_to_root . "/config.php");
 get_text_init();
+if ($login_delay > 0)
+ @include_once($path_to_root . "/faillog.php");
+
 // Page Initialisation
 if (!isset($_SESSION['language']) || !method_exists($_SESSION['language'], 'set_language')) {
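Review bot: The relocated fallback for `$login_delay`/`$login_max_attempts` runs before `include_once($path_to_root . "/config.php")`, which is visible further down in the @@ -364 hunk, so at this point both variables are unset unless config.php was already pulled in by something not shown here; the `isset` branch then always fires and the `< 0` clamp never sees the value config.php assigns afterwards, leaving a negative setting unclamped. If there is no earlier include of config.php, move the two checks below `include_once($path_to_root . "/config.php");` and ahead of the new `if ($login_delay > 0)` faillog.php include, which reads `$login_delay` at include time. The comment `// set to reasonable values if not set in config file (pre-2.3.12 installations)` only describes what the code does once the checks follow that include, so it should move together with them.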