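debug( $mosConfig_debug );

$acl = new gacl_api();

$option = mosGetParam( $_REQUEST, 'option', NULL );

// mainframe is an API workhorse, lots of 'core' interaction routines
$mainframe = new mosMainFrame( $database, $option, '..', true );

/**
 * Administrator login.
 *
 * When the login form was submitted ($_POST['submit'] is set) the posted
 * credentials are checked against #__users and the ACL, a row is written to
 * #__session and the PHP session is populated. Otherwise the login template
 * is rendered.
 *
 * NOTE(review): every failure branch below emits only "\n" in this listing;
 * any message or redirect meant for the user is not visible here.
 */
if (isset( $_POST['submit'] )) {
    /** escape and trim to minimise injection of malicious sql */
    $usrname = $database->getEscaped( trim( mosGetParam( $_POST, 'usrname', '' ) ) );
    $pass    = $database->getEscaped( trim( mosGetParam( $_POST, 'pass', '' ) ) );

    if (!$pass) {
        echo "\n";
        // Stop here, as every other failure branch does. Without this exit an
        // empty $pass reached the strcmp() below unhashed, so an account whose
        // stored password field is empty would have been accepted.
        exit();
    } else {
        // SECURITY: unsalted MD5 is not an adequate password hash. It is kept
        // because it is compared with the stored value below; moving to
        // password_hash()/password_verify() needs a migration of the stored
        // hashes, which is outside this block.
        $pass = md5( $pass );
    }

    // Refuse to continue when no administrator-type account exists at all.
    $query = "SELECT COUNT(*)"
    . "\n FROM #__users"
    . "\n WHERE ( LOWER( usertype ) = 'administrator'"
    . "\n OR LOWER( usertype ) = 'superadministrator'"
    . "\n OR LOWER( usertype ) = 'super administrator' )"
    ;
    $database->setQuery( $query );
    $count = intval( $database->loadResult() );
    if ($count < 1) {
        echo "\n";
        exit();
    }

    // $usrname was passed through getEscaped() above before being interpolated.
    $query = "SELECT * FROM #__users WHERE username='$usrname' AND block='0'";
    $database->setQuery( $query );
    $my = null;
    $database->loadObject( $my );

    /** find the user group (or groups in the future) */
    // empty() replaces the former "@$my->id": same truthiness test, no error suppression.
    if (!empty( $my->id )) {
        $grp = $acl->getAroGroup( $my->id );
        $my->gid = $grp->group_id;
        $my->usertype = $grp->name;

        // SECURITY: strcmp() is not a constant-time comparison; where the
        // runtime provides hash_equals(), prefer it for comparing the hashes.
        if (strcmp( $my->password, $pass ) || !$acl->acl_check( 'administration', 'login', 'users', $my->usertype )) {
            echo "\n";
            exit();
        }

        session_name( md5( $mosConfig_live_site ) );
        // SECURITY: the PHP session id is not regenerated after authentication
        // in this block; consider session_regenerate_id() once the login has
        // succeeded so a pre-login id cannot carry over (session fixation).
        session_start();

        $logintime = time();
        // SECURITY: this token is derived only from account fields and the
        // login timestamp, so it carries no secret entropy. It should come
        // from a cryptographically secure random source instead.
        $session_id = md5( "$my->id$my->username$my->usertype$logintime" );

        // Values read back from the database are still data, not SQL: escape
        // them before interpolation so a stored name containing a quote can
        // neither break nor alter this statement (second-order injection).
        $safe_usertype = $database->getEscaped( $my->usertype );
        $safe_username = $database->getEscaped( $my->username );

        $query = "INSERT INTO #__session"
        . "\nSET time='$logintime', session_id='$session_id', "
        . "userid='$my->id', usertype='$safe_usertype', username='$safe_username'"
        ;
        $database->setQuery( $query );
        if (!$database->query()) {
            // NOTE(review): this prints the database error text into the HTTP
            // response; logging it server-side would avoid disclosing it.
            echo $database->stderr();
        }

        $_SESSION['session_id']        = $session_id;
        $_SESSION['session_user_id']   = $my->id;
        $_SESSION['session_username']  = $my->username;
        $_SESSION['session_usertype']  = $my->usertype;
        $_SESSION['session_gid']       = $my->gid;
        $_SESSION['session_logintime'] = $logintime;
        $_SESSION['session_userstate'] = array();

        session_write_close();
        /** cannot use mosredirect here as it stuffs up the cookie in IIS */
        echo "\n";
        exit();
    } else {
        // No unblocked user row matched the submitted username.
        echo "\n";
        exit();
    }
} else {
    // No form submission: render the login page of the active admin template.
    initGzip();
    $path = $mosConfig_absolute_path . '/administrator/templates/' . $mainframe->getTemplate() . '/login.php';
    require_once( $path );
    doGzip();
}
?>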