Invalid username or password. Please try again"; if ($_SESSION['instance']['recordLogInFails']) { // === record failed log in } } else { if (empty($userDat['password'])) { $_REQUEST['sp'] = "options"; $_SESSION['instance']['disableNav'] = true; // disable navigation until there is a password } // valid log in .. clean up user data unset($userDat['password']); $_SESSION['user'] = $userDat; $_SESSION['user']['login'] = date("YmdHisu"); $empNo = $userDat['empNo']; // close any other open login session if (!($userDat['acces'] & 0x8000)) // "enable multisession" { $lastSession = sqlSelect("logins", "empNo='$empNo' and locked=''"); if ($lastSession['n']) // there is an open login { $lastSession = mysql_fetch_assoc($lastSession['r']); $t = duration($lastSession['touch'], date("YmdHis")); if ($t['d'] > $_SESSION['GLOBAL_TIMEOUT']) sqlUpdate("logins", "locked='AUTOLOGOUT [ABAND]'", "empNo='$empNo' and locked=''"); else sqlUpdate("logins", "locked='AUTOLOGOUT [MULTI]'", "empNo='$empNo' and locked=''"); } } // get last login information $logins = sqlSelect("logins", "empNo='$empNo' and locked not like 'E%'", "", "tid desc"); $_SESSION['user']['last']['logins'] = ($logins['n'] + 1); if ($logins['n']) { $logins = mysql_fetch_assoc($logins['r']); $lstart= date2time($logins['login']); $lend = date2time($logins['last_trans']); $_SESSION['user']['last']['duration'] = $lend - $lstart; $_SESSION['user']['last']['lastLogin'] = $logins['login']; } else { $_SESSION['user']['last']['lastLogin'] = ""; $_SESSION['user']['last']['duration'] = ""; } // log the login $q = "empNo='$empNo', "; $q .= "login='".date("YmdHis")."', "; $q .= "touch='".date("YmdHis")."', "; $q .= "locked = '', "; $q .= "loc = '{$_SESSION['instance']['prefix']}'"; $q = sqlInsert("logins", $q); // get login session id $r = sqlSelect("logins", "empNo = '$empNo' and locked = ''", "", "tid desc"); $r = mysql_fetch_assoc($r['r']); $_SESSION['user']['sessionTid'] = $r['tid']; unset($userDat); if (array_key_exists("calendar", $_REQUEST)) { $_SESSION['instance']['calendarView'] = true; $_SESSION['current']['p'] = "scheduling"; $_REQUEST['p'] = "scheduling"; } else { $_REQUEST['p'] = "myaspin"; $r = sqlSelect("news", "story != '' and readBy not like '%|{$_SESSION['user']['empNo']}|%'", "", "lastmod desc"); if ($r['n'] == 0) { // no new news - show schedule instead $_REQUEST['sp'] = "timesheets"; } } if ($LinkStatus) doSync(); } } else { // no such user - log it if ($_SESSION['instance']['recordLogInFails']) { // !=== record failed log in } $msgs[] = "Invalid username or password"; $msgs[] = "Please try again"; } ?>