getEscaped( mosGetParam( $_POST, 'usrname', '' ) );
// Read the submitted password and turn it into the value that is later compared
// with the stored one.
// getEscaped() runs before md5(), so the digest is computed over the escaped
// form of the input. $pass is not placed in any SQL statement in this section.
// NOTE(review): confirm stored hashes were produced over the same escaped form.
$pass = $database->getEscaped( mosGetParam( $_POST, 'pass', '' ) );
if ($pass) {
    // NOTE(review): a bare, unsalted MD5 digest is fast to brute-force offline.
    // Moving to password_hash()/password_verify() needs a migration of the
    // stored values, so it cannot be done in this block alone.
    $pass = md5( $pass );
} else {
    // Any falsy input lands here and stays unhashed: the empty string, and also
    // the string "0".
    echo "\n";
}
// Count the accounts in the two administrator groups and raise the
// _LOGIN_NOADMINS alert when there are none. The statement is a fixed string
// and contains no request data.
$query = "SELECT COUNT(*)"
    . "\n FROM #__users"
    . "\n WHERE ("
    . "\n gid = 24"     // Administrators
    . "\n OR gid = 25"  // Super Administrators
    . "\n )";
$database->setQuery( $query );
$count = (int) $database->loadResult();
if ($count <= 0) {
    mosErrorAlert( _LOGIN_NOADMINS );
}
// Load the account row for the submitted user name into $my. $my starts as
// null, and the code that follows treats a missing $my->id as "no such account".
// $usrname is spliced into the SQL text as-is, so this query is only as safe as
// the escaping applied where $usrname was assigned.
// NOTE(review): that assignment starts above this section; it appears to go
// through $database->getEscaped() - confirm.
$my = null;
$query = "SELECT *"
    . "\n FROM #__users"
    . "\n WHERE username = '" . $usrname . "'"
    // presumably block = 0 means the account is not blocked - confirm against the schema
    . "\n AND block = 0";
$database->setQuery( $query );
$database->loadObject( $my );
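/**
 * Check the submitted password and the administration ACL for the loaded
 * account, then create the administrator session.
 *
 * Reads $my, $pass, $acl, $database and $mosConfig_live_site from the
 * surrounding script. Both failure paths report the same message.
 */
if (!empty( $my->id )) {
    /** find the user group (or groups in the future) */
    $grp = $acl->getAroGroup( $my->id );
    $my->gid = $grp->group_id;
    $my->usertype = $grp->name;

    // strcmp() returns non-zero when the stored value and the computed digest differ.
    // NOTE(review): strcmp() is not a constant-time comparison; where the
    // supported PHP version allows it, hash_equals() is the safer primitive.
    if ( strcmp( $my->password, $pass ) || !$acl->acl_check( 'administration', 'login', 'users', $my->usertype ) ) {
        mosErrorAlert("Incorrect Username, Password, or Access Level. Please try again", "document.location.href='index.php'");
        // Fail closed: mosErrorAlert() is defined elsewhere, and nothing visible
        // here guarantees it ends the request. Without this exit a failed check
        // would fall through to the session creation below.
        exit();
    }

    // NOTE(review): the session is started without session_regenerate_id(), so a
    // session id that existed before login is kept after authentication.
    // Consider regenerating it here, after checking the IIS cookie caveat noted
    // further down.
    session_name( md5( $mosConfig_live_site ) );
    session_start();

    $logintime = time();
    // NOTE(review): this identifier is derived only from the account id, user
    // name, user type and login time; it contains no secret or random input.
    // Confirm how it is validated elsewhere before changing the derivation.
    $session_id = md5( $my->id . $my->username . $my->usertype . $logintime );

    // Values read back from the users table are still data, not SQL: cast the id
    // and escape the strings before they are placed in the INSERT statement.
    $sql_userid = (int) $my->id;
    $sql_usertype = $database->getEscaped( $my->usertype );
    $sql_username = $database->getEscaped( $my->username );

    $query = "INSERT INTO #__session"
    . "\n SET time = '$logintime', session_id = '$session_id', userid = $sql_userid, usertype = '$sql_usertype', username = '$sql_username'"
    ;
    $database->setQuery( $query );
    if (!$database->query()) {
        // NOTE(review): this prints the database error text to the browser and
        // the login still proceeds; consider logging it server-side instead.
        echo $database->stderr();
    }

    $_SESSION['session_id'] = $session_id;
    $_SESSION['session_user_id'] = $my->id;
    $_SESSION['session_username'] = $my->username;
    $_SESSION['session_usertype'] = $my->usertype;
    $_SESSION['session_gid'] = $my->gid;
    $_SESSION['session_logintime'] = $logintime;
    $_SESSION['session_user_params']= $my->params;
    $_SESSION['session_userstate'] = array();

    session_write_close();
    /** cannot using mosredirect as this stuffs up the cookie in IIS */
    echo "\n";
    exit();
} else {
    // Same text as the wrong-password branch, so the response does not reveal
    // whether the user name matched an account returned by the lookup.
    mosErrorAlert("Incorrect Username, Password, or Access Level. Please try again", "document.location.href='index.php'");
}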
} else {
// Runs in the else branch of a condition that lies above this section: include
// the login page of the current administrator template between the two gzip
// helper calls.
// NOTE(review): the included path contains the value returned by
// $mainframe->getTemplate(). Because it names a file to execute, confirm that
// this value cannot be influenced by request data.
initGzip();
$path = sprintf(
    '%s/administrator/templates/%s/login.php',
    $mosConfig_absolute_path,
    $mainframe->getTemplate()
);
require_once $path;
doGzip();
}
?>