0 && !empty($session_expires) && mktime()>$session_expires) || empty($_SESSION['mpass_pass']) || !in_array($_SESSION['mpass_pass'],$cmp_pass))
{
if(!empty($alert) && !in_array($_SESSION['mpass_pass'],$cmp_pass))
{
// user has submitted incorrect password
// generate alert:
$_SESSION['mpass_attempts']++;
$alert_str = $_SERVER['REMOTE_ADDR']." entered ".htmlspecialchars($_POST['mpass_pass'])." on page ".$_SERVER['PHP_SELF']." on ".date("l dS of F Y h:i:s A")."\r\n";
if(stristr($alert,"@")!==false)
{
// email alert
@mail($alert,"Bad Login on ".$_SERVER['PHP_SELF'],$alert_str,"From: ".$alert);
} else {
// textfile alert
$handle = @fopen($alert,'a');
if($handle)
{
fwrite($handle,$alert_str);
fclose($handle);
}
}
}
// if hammering protection is enabled, lock user out if they've reached the maximum
if($max_attempts>1 && $_SESSION['mpass_attempts']>=$max_attempts)
{
exit("Too many login failures.");
}
// clear session expiry time
$_SESSION['mpass_session_expires'] = "";
?>
Enter Password