// LOGIN $cnd_1 = !empty($user) && is_string($user); $cnd_2 = !empty($pass) && is_string($pass); if ($cnd_1 && $cnd_2) { $session = new Session($user, $pass, ''); $config = new Config(); //Disable first_login if ($accepted == 'yes') { $config->update('first_login', 'no'); } $is_disabled = $session->is_user_disabled(); if ($is_disabled == FALSE) { $login_return = $session->login(); $first_user_login = $session->get_first_login(); $last_pass_change = $session->last_pass_change(); $login_exists = $session->is_logged_user_in_db(); $lockout_duration = intval($conf->get_conf('unlock_user_interval')) * 60; if ($login_return != TRUE) { $_SESSION['_user'] = ''; $infolog = array($user); Log_action::log(94, $infolog); $failed = TRUE; $bad_pass = TRUE; $failed_retries = $conf->get_conf('failed_retries'); if ($login_exists && !$is_disabled && $lockout_duration > 0) { $_SESSION['bad_pass'][$user]++; if ($_SESSION['bad_pass'][$user] >= $failed_retries && $user != AV_DEFAULT_ADMIN) { // Auto-disable user $disabled = TRUE; $session->disable_user(); }