getEscaped( mosGetParam( $_POST, 'usrname', '' ) ); $pass = $database->getEscaped( mosGetParam( $_POST, 'pass', '' ) ); if (!$pass) { echo "\n"; } else { $pass = md5( $pass ); } $query = "SELECT COUNT(*)" . "\n FROM #__users" . "\n WHERE (" // Administrators . "\n gid = 24" // Super Administrators . "\n OR gid = 25" . "\n )" ; $database->setQuery( $query ); $count = intval( $database->loadResult() ); if ($count < 1) { mosErrorAlert( _LOGIN_NOADMINS ); } $my = null; $query = "SELECT *" . "\n FROM #__users" . "\n WHERE username = '$usrname'" . "\n AND password = '$pass'" . "\n AND block = 0" ; $database->setQuery( $query ); $database->loadObject( $my ); /** find the user group (or groups in the future) */ if (@$my->id) { $grp = $acl->getAroGroup( $my->id ); $my->gid = $grp->group_id; $my->usertype = $grp->name; if ( strcmp( $my->password, $pass ) || !$acl->acl_check( 'administration', 'login', 'users', $my->usertype ) ) { mosErrorAlert("Incorrect Username, Password, or Access Level. Please try again", "document.location.href='index.php'"); } session_name( md5( $mosConfig_live_site ) ); session_start(); $logintime = time(); $session_id = md5( $my->id . $my->username . $my->usertype . $logintime ); $query = "INSERT INTO #__session" . "\n SET time = '$logintime', session_id = '$session_id', userid = $my->id, usertype = '$my->usertype', username = '$my->username'" ; $database->setQuery( $query ); if (!$database->query()) { echo $database->stderr(); } $_SESSION['session_id'] = $session_id; $_SESSION['session_user_id'] = $my->id; $_SESSION['session_username'] = $my->username; $_SESSION['session_usertype'] = $my->usertype; $_SESSION['session_gid'] = $my->gid; $_SESSION['session_logintime'] = $logintime; $_SESSION['session_user_params']= $my->params; $_SESSION['session_userstate'] = array(); session_write_close(); /** cannot using mosredirect as this stuffs up the cookie in IIS */ echo "\n"; exit(); } else { mosErrorAlert("Incorrect Username, Password. Please try again", "document.location.href='index.php'"); } } else { initGzip(); $path = $mosConfig_absolute_path . '/administrator/templates/' . $mainframe->getTemplate() . '/login.php'; require_once( $path ); doGzip(); } ?>