$errorFound = true; $formError["login_session"] = _("Login unknown."); $sessLoginAttempts = 1; $_SESSION['auth']['last_login'] = ''; } else { if (!$userQ->isActivated($loginSession)) { $userQ->close(); $_SESSION = array(); // deregister all current session variables FlashMsg::add(_("Your user account has been suspended. Contact with administrator to resolve this problem.")); header("Location: ../home/index.php"); exit; } $formSession = Form::getSession(); $lastLogin = isset($_SESSION['auth']['last_login']) ? $_SESSION['auth']['last_login'] : ''; if (!$userQ->verifySignOn($loginSession, $pwdSession)) { $userQ->close(); Error::query($userQ); } $user = $userQ->fetch(); if (!$user) { /** * Invalid password. Add one to login attempts. */ $errorFound = true; $formError["pwd_session"] = _("Invalid sign on."); if (!isset($_SESSION['auth']['login_attempts']) || $_SESSION['auth']['login_attempts'] == "") { $sessLoginAttempts = 1; } else { if ($loginSession == $lastLogin) { $sessLoginAttempts = $_SESSION['auth']['login_attempts'] + 1;
/**
 * Save an edited user record, then optionally change its password.
 *
 * This is an excerpt from a larger script: $userQ, $user, $changePwd,
 * $loginUsed and $errorLocation are set before this point and are not
 * visible here.
 */
// existLogin() is given the login and the record's member id; presumably the
// id keeps the record from colliding with itself — confirm against existLogin().
if ($userQ->existLogin($user->getLogin(), $user->getIdMember())) {
    $loginUsed = true;
    // NOTE(review): the login is placed into the message as-is; confirm that
    // FlashMsg escapes it for HTML when the message is rendered.
    FlashMsg::add(sprintf(_("Login, %s, already exists. The changes have no effect."), $user->getLogin()), OPEN_MSG_WARNING);
} else {
    // NOTE(review): the record is written here, before the old-password check
    // further down. When that check fails, the other edits have already been
    // saved and the "has been updated" message has already been added.
    $userQ->update($user);
    FlashMsg::add(sprintf(_("User, %s, has been updated."), $user->getLogin()));

    /**
     * Refresh the session copy of the login and theme when the request
     * carries an "all" field (intended for the case where the edited user is
     * the current user).
     *
     * NOTE(review): the only condition visible here is the presence of a
     * client-supplied POST field. Confirm that code outside this excerpt ties
     * the edited record to the signed-in account before
     * $_SESSION['auth']['login_session'] is overwritten; otherwise the
     * session identity follows whatever record was just edited.
     */
    if (isset($_POST["all"])) {
        $_SESSION['auth']['login_session'] = $user->getLogin();
        $_SESSION['auth']['user_theme'] = $user->getIdTheme();
    }
}

// Password change is attempted only when requested and the login was not rejected.
// NOTE(review): $loginUsed is assigned only in the branch above; it presumably
// has a false default earlier in the script — confirm.
if ($changePwd && !$loginUsed) {
    // The old password is checked with the "login" and "md5_old" values taken
    // directly from $_POST; the meaning of the third argument (true) is not
    // visible in this excerpt.
    // NOTE(review): the field name suggests a digest computed in the browser.
    // If so, the digest itself is what authenticates the change and needs the
    // same handling as a password (TLS only, never logged) — confirm.
    // NOTE(review): $_POST["md5_old"] is read without isset(); a request that
    // omits the field raises a notice/warning and passes null.
    // NOTE(review): no attempt counter for failed old-password checks is
    // visible here; confirm throttling exists elsewhere.
    if (!$userQ->verifySignOn($_POST["login"], $_POST["md5_old"], true)) {
        $userQ->close();
        unset($formError); // discard any earlier errors; only old_pwd is reported
        // Empty after trim -> "required field"; anything else -> "not correct".
        $formError["old_pwd"] = trim($_POST["md5_old"]) == ""
            ? _("This is a required field.")
            : _("This field is not correct.");
        // NOTE(review): the whole of $_POST, md5_old included, is handed to
        // Form::setSession(), which presumably keeps it in the session for
        // redisplay. Confirm password material is not retained there.
        Form::setSession($_POST, $formError);
        // NOTE(review): $errorLocation is defined outside this excerpt;
        // confirm it is a fixed path and not derived from the request.
        header("Location: " . $errorLocation);
        exit; // stop here so resetPwd() below is never reached on failure
    }
    $userQ->resetPwd($user);
}

$userQ->close();
unset($userQ);
unset($user);

/**
 * Destroy form values and errors
 * (the statements this refers to follow outside this excerpt)
 */