$last_pass_change = $session->last_pass_change(); $login_exists = $session->is_logged_user_in_db(); $lockout_duration = intval($conf->get_conf('unlock_user_interval')) * 60; if ($login_return != TRUE) { $_SESSION['_user'] = ''; $infolog = array($user); Log_action::log(94, $infolog); $failed = TRUE; $bad_pass = TRUE; $failed_retries = $conf->get_conf('failed_retries'); if ($login_exists && !$is_disabled && $lockout_duration > 0) { $_SESSION['bad_pass'][$user]++; if ($_SESSION['bad_pass'][$user] >= $failed_retries && $user != AV_DEFAULT_ADMIN) { // Auto-disable user $disabled = TRUE; $session->disable_user(); } } } elseif (!$is_disabled) { $_SESSION['bad_pass'] = ''; $pass_expire_max = $conf->get_conf('pass_expire') > 0 && $conf->get_conf('pass_expire') != 'yes' && $conf->get_conf('pass_expire') != 'no' ? $conf->get_conf('pass_expire') : 0; $pass_length_min = $conf->get_conf('pass_length_min') ? $conf->get_conf('pass_length_min') : 7; if ($first_login == '' || $first_login == 0 || $first_login == 'no') { $accepted = 'yes'; } $failed = FALSE; if ($accepted == 'yes') { $first_login = '******'; $client = new Alienvault_client($user); $client->auth()->login($user, $pass); $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);