// Staff login handler (excerpt): enforce the failed-login lockout kept in the
// session, then authenticate the posted credentials and populate the staff session.
// NOTE(review): the success branch below is still open at the end of this excerpt;
// the redirect itself and the failed-login / strike-counting path are not visible here.

//$_SESSION['_staff']=array(); #Uncomment to disable login strikes.
// NOTE(review): the line above is a debugging switch; enabling it wipes the strike
// state on every request, so it must stay commented out in any deployed copy.

// NOTE(review): lockout state is read from $_SESSION, so it is scoped to a single
// session rather than to the account or the source address. For this to work as a
// brute-force control, a server-side per-account / per-source throttle is needed —
// confirm whether one exists elsewhere.

// Default failure message; how $msg is reported is outside this excerpt.
$msg = _('Invalid login');
if ($_SESSION['_staff']['laststrike']) {
    if (time() - $_SESSION['_staff']['laststrike'] < $cfg->getStaffLoginTimeout()) {
        // Still inside the lockout window: setting $errors makes the credential
        // check below short-circuit on !$errors, so no password is evaluated.
        $msg = _('Excessive failed login attempts');
        $errors['err'] = _('You\'ve reached maximum failed login attempts allowed.');
    } else {
        // Lockout window has elapsed: clear the strike state so a new round of
        // attempts can start.
        $_SESSION['_staff']['laststrike'] = null;
        $_SESSION['_staff']['strikes'] = 0;
    }
}

// Authenticate only when no lockout error was raised: the posted username must
// resolve to a staff record (getId() truthy) and the posted password must pass
// check_passwd().
if (!$errors && ($user = new StaffSession($_POST['username'])) && $user->getId() && $user->check_passwd($_POST['passwd'])) {
    // Record the successful login on the staff record.
    $user->update_lastlogin($user->getId());
    // Capture the originally requested page before the staff session data is wiped below.
    $dest = $_SESSION['_staff']['auth']['dest'];
    // Start from a clean staff session; this also discards the strike counters.
    // NOTE(review): no session_regenerate_id() call is visible at this privilege
    // change. Unless refreshSession() rotates the session id, the pre-login id
    // remains valid after authentication (session fixation) — confirm, and rotate
    // the id here if it does not.
    $_SESSION['_staff'] = array(); //clear.
    // NOTE(review): this stores the raw posted username rather than a canonical
    // value taken from $user — confirm downstream code neither trusts it for
    // authorization nor echoes it unescaped.
    $_SESSION['_staff']['userID'] = $_POST['username'];
    $user->refreshSession(); // presumably sets the session hash/token; implementation not visible here
    $_SESSION['TZ_OFFSET'] = $user->getTZoffset();
    $_SESSION['daylight'] = $user->observeDaylight();
    // NOTE(review): successful staff logins are recorded at LOG_DEBUG; confirm the
    // deployed log level retains them, since authentication events are needed for
    // audit and incident response.
    Sys::log(LOG_DEBUG, 'Staff login', sprintf('%s ' . _('logged in'), $user->getUserName()), $user->getUserName()); //Debug
    // Fall back to index.php when no destination was saved, or when the saved one
    // contains 'login.php' or 'ajax.php'.
    // NOTE(review): $dest is only substring-filtered, not validated as a same-site
    // relative path. Where it is written into the session is not visible here; if
    // that value can be influenced by the request, restrict it to local paths
    // before it is used for the redirect.
    $dest = $dest && (!strstr($dest, 'login.php') && !strstr($dest, 'ajax.php')) ? $dest : 'index.php';
    // Flush the session data to storage before the code that follows this excerpt runs.
    session_write_close();