the code at lines 66 - 82:
<?php
if (!session_id()) session_start();
if(!isset($_SESSION["loginCount"])) {
$_SESSION["loginCount"] = "0";
}
?>
<?php
if (!session_id()) session_start();
if(isset($_POST["LogIn_submit"])) {
$_SESSION["loginCount"] = "".$_SESSION['loginCount'] +1 ."";
}
?>
<?php
if (!WA_Auth_RulePasses("Max logins")){
WA_Auth_RestrictAccess("forgotpassword.php");
}
?>
needs to be moved to line 9 so that it is before the security assist authenticate user code.