Cleanup in curent_user.inc/session.inc

[fa-stable.git] / includes / session.inc

diff --git a/includes/session.inc b/includes/session.inc
index 2688a24e94072dee83851ad071ec027e04537b45..4712f742b57c608055646bb988da0cc5140d4701 100644 (file)
--- a/includes/session.inc
+++ b/includes/session.inc
@@ -140,14 +140,6 @@ function login_fail()
        kill_login();
        die();
 }
-//----------------------------------------------------------------------------------------
-// set to reasonable values if not set in config file (pre-2.3.12 installations)
-
-if (!isset($login_delay))
-{
-       $login_delay = 10;
-       $login_max_attempts = 3;
-}
 
 function check_faillog()
 {
@@ -318,6 +310,16 @@ if (!isset($path_to_root))
        $path_to_root = ".";
 }
 
+//----------------------------------------------------------------------------------------
+// set to reasonable values if not set in config file (pre-2.3.12 installations)
+
+if ((!isset($login_delay)) || ($login_delay < 0))
+    $login_delay = 10;
+
+if ((!isset($login_max_attempts)) || ($login_max_attempts < 0))
+    $login_max_attempts = 3; 
+
+
 // Prevent register_globals vulnerability
 if (isset($_GET['path_to_root']) || isset($_POST['path_to_root']))
        die("Restricted access");
@@ -331,7 +333,6 @@ include_once($path_to_root . "/frontaccounting.php");
 include_once($path_to_root . "/admin/db/security_db.inc");
 include_once($path_to_root . "/includes/lang/language.php");
 include_once($path_to_root . "/config_db.php");
-@include_once($path_to_root . "/faillog.php");
 include_once($path_to_root . "/includes/ajax.inc");
 include_once($path_to_root . "/includes/ui/ui_msgs.inc");
 include_once($path_to_root . "/includes/prefs/sysprefs.inc");
@@ -364,6 +365,9 @@ header("Cache-control: private");
 include_once($path_to_root . "/config.php");
 get_text_init();
 
+if ($login_delay > 0)
+       @include_once($path_to_root . "/faillog.php");
+
 // Page Initialisation
 if (!isset($_SESSION['language']) || !method_exists($_SESSION['language'], 'set_language')) 
 {