Fix what appears to be a potential security hole (and some other stuff)

If the INI file could not be opened, a failure would be returned,
but authentication would (potentially) succeed.  I can't think of
a way to exploit this, but it's getting late.

Also, make some minor optimizations that won't make a difference yet,
and move opening the file into a single function.