This is the code from the file jpowers40828 provided:
<?php
/*********************************************************************
login.php
Handles staff authentication/logins
Peter Rotich <peter@osticket.com>
Copyright (c) 2006,2007,2008 osTicket
http://www.osticket.com
Released under the GNU General Public License WITHOUT ANY WARRANTY.
See LICENSE.TXT for details.
vim: expandtab sw=4 ts=4 sts=4:
$Id: $
**********************************************************************/
require_once('../main.inc.php');
if(!defined('INCLUDE_DIR')) die('Fatal Error. Kwaheri!');
require_once(INCLUDE_DIR.'class.staff.php');
$msg=$msg?$msg:'Authentication Required';
if($_GET && (!empty($_GET) && !empty($_GET))){
//$_SESSION=array(); #Uncomment to disable login strikes.
$msg='Invalid login';
if($_SESSION && (time()-$_SESSION<3*60)) {
$msg='Max failed login Reached';
$errors='You\'ve reached maximum failed login attempts allowed.';
}
if(!$errors && ($user=new StaffSession($_GET)) && $user->getId() && $user->check_passwd($_GET)){
db_query('UPDATE '.STAFF_TABLE.' SET lastlogin=NOW() WHERE staff_id='.db_input($user->getId()));
//We got a matching user and the password matched!! Nice.
//Now set session crap and lets roll baby!
$_SESSION=array(); //clear.
$_SESSION=$_GET;
$user->refreshSession(); //set the hash.
$_SESSION=$user->getTZoffset();
$_SESSION=$cfg->observeDaylightSaving();
//Redirect to the original destination. (make sure it is not redirecting to login page.)
$dest=($_GET && !strstr($_GET,'login.php'))?$_GET:'index.php';
<USERMENTION username="header">@header</USERMENTION>("Location: $dest");
require('index.php'); //Just incase header is messed up.
exit;
}
//If we get to this point we know the login failed.
//TODO: login strikes should be DB based for better security checks ( session can be reset!)
$msg='Invalid login';
$_SESSION+=1;
if(!$errors && $_SESSION>3) {
$msg='Access Denied';
$errors='Forgot your login info? Contact IT Dept.';
$_SESSION=time();
//Send alerts
if($cfg->alertONLoginError()) {
$alert='Excessive login attempts by a staff member?'."\n".
'Username: '.$_POST."\n".'IP: '.$_SERVER."\n".'TIME: '.date('M j, Y, g a T')."\n\n".
'Attempts #'.$_SESSION;
Misc:('Excessive login attempts (staff)',$alert);
}
}
}
define("OSTSCPINC",TRUE); //Make includes happy!
$login_err=($_POST)?true; //error displayed only on post
include_once(INCLUDE_DIR.'staff/login.tpl.php');
?>