Index: branches/unlabeled/unlabeled-1.46.16/kernel/include/usersession.php
===================================================================
diff -u -r3936 -r4040
--- branches/unlabeled/unlabeled-1.46.16/kernel/include/usersession.php	(.../usersession.php)	(revision 3936)
+++ branches/unlabeled/unlabeled-1.46.16/kernel/include/usersession.php	(.../usersession.php)	(revision 4040)
@@ -32,7 +32,7 @@
         $this->adodbConnection = &GetADODBConnection();
 
         $this->PermCache = array();
-        $this->PermCacheGroups ="";
+        $this->PermCacheGroups = '';
         $this->UseTempKeys = $TempKeys;
         $this->AdminSearchFields = array("UserName", "GroupName", "us.IpAddress");
 
@@ -772,86 +772,98 @@
 		}
 	}
 
-    function SetSysPermCache()
-    {
+	function SetSysPermCache()
+	{
         unset($this->SysPermCache);
-        $GroupList = $this->Get("GroupList");
+        $GroupList = $this->Get('GroupList');
 
-        if(strlen($GroupList) && $GroupList !="0")
-        {
-          $this->SysPermCache = array();
-          $sql = "SELECT * FROM ".GetTablePrefix()."Permissions WHERE Type=1 AND GroupId IN (".$GroupList.")";
-          //echo $sql."<br>\n";
-          $rs = $this->adodbConnection->Execute($sql);
-
-          while($rs && !$rs->EOF)
-          {
-            $val = $rs->fields["PermissionValue"];
-            //if($val==1)
-                $this->SysPermCache[$rs->fields["Permission"]] = $val;
-            $PermList[] = $rs->fields["Permission"];
-            $rs->MoveNext();
-          }
-          if( isset($PermList) && count($PermList) > 0) // I think this is never issued (comment by Alex)
-            $this->SetVariable("SysPerm",implode(",",$PermList));
+        if ($GroupList && $GroupList != '0') {
+			$this->SysPermCache = Array();
+			$sql = 'SELECT *
+					FROM '.GetTablePrefix().'Permissions
+					WHERE Type = 1 AND GroupId IN ('.$GroupList.')'; // AND PermissionValue = 1';
+			
+			$rs = $this->adodbConnection->Execute($sql);
+			
+			$PermList = Array();
+			while (!$rs->EOF) {
+				$this->SysPermCache[ $rs->fields['Permission'] ] = $rs->fields['PermissionValue'];
+				$PermList[] = $rs->fields['Permission'];
+				$rs->MoveNext();
+			}
+			
+			if ($PermList) {
+				$this->SetVariable('SysPerm', implode(',', $PermList));
+	        }
         }
     }
 
+    /**
+     * Fills system permission cache in session (memory only, not db)
+     *
+     */
     function GetSysPermCache()
     {
-        $perms = trim($this->GetVariable("SysPerm"));
-        if(!strlen($perms))
-        {
+        $perms = trim($this->GetVariable('SysPerm'));
+        if (!$perms) {
             $this->SetSysPermCache();
         }
-        else
-        {
-            $p = explode(",",$perms);
-
-            $this->SysPermCache = array();
-            for($i=0;$i<count($p);$i++)
+        else {
+            $p = explode(',', $perms);
+            $this->SysPermCache = Array();
+            for($i = 0; $i < count($p); $i++)
             {
                 $n = $p[$i];
-                $this->SysPermCache[$n]=1;
+                $this->SysPermCache[$n] = 1;
             }
         }
     }
 
+    /**
+     * Allows to detect if system permissions are loaded
+     *
+     * @return bool
+     */
     function SysPermCacheLoaded()
     {
-        return (isset($this->SysPermCache));
+        return isset($this->SysPermCache);
     }
 
+    /**
+     * Resets system permission cache
+     *
+     */
     function ResetSysPermCache()
     {
-       // echo "Resetting Perm Cache<br>\n";
-        $this->SetVariable("SysPerm","");
+        $this->SetVariable('SysPerm', '');
         unset($this->SysPermCache);
-        //$this->SysPermCache=array();
     }
 
 	function HasSystemPermission($PermissionName)
     {
 	    global $objGroups;
 
-        if($this->Get("PortalUserId")==-1 && ($PermissionName=="ADMIN" || $PermissionName=="LOGIN"))
-            return TRUE;
-        //echo "Looking up $PermissionName:".$this->Get("GroupList")."<br>\n";
-        //echo $this->Get("GroupList")." - ".$this->PermCacheGroups;
-        $GroupList = $this->Get("GroupList");
-        if(substr($GroupList,-1)==",")
-        {
-           $GroupList = substr($GroupList,0,-1);
-           $this->Set("GroupList",$GroupList);
+        // "root" is always allowed to login to admin
+	    if ($this->Get('PortalUserId') == -1 && ($PermissionName == 'ADMIN' || $PermissionName == 'LOGIN') ) {
+            return true;
         }
-        //print_pre(   $GroupList);
-        if($this->Get("GroupList")!=$this->PermCacheGroups)
-            $this->ResetSysPermCache();
-        if(!$this->SysPermCacheLoaded())
-        {
-            //echo "Loading Perm Cache<br>\n";
+        
+        // cut last comma (just in case in-portal made a mistake before)
+        $GroupList = $this->Get('GroupList');
+        if (substr($GroupList, -1) == ',') {
+           $GroupList = substr($GroupList, 0, -1);
+           $this->Set('GroupList', $GroupList);
+        }
+        
+        // if loaded permissions are from other group list, then current (e.g. user is become logged-in during script run)
+        if ($this->Get('GroupList') != $this->PermCacheGroups) {
+			$this->ResetSysPermCache();
+        }
+        
+        // load system permission cache if not already loaded
+        if (!$this->SysPermCacheLoaded()) {
             $this->GetSysPermCache();
-            $this->PermCacheGroups = $this->Get("GroupList");
+            $this->PermCacheGroups = $this->Get('GroupList');
         }
         //echo "SysPerm $PermissionName: [". $this->SysPermCache[$PermissionName]."]<br>\n";
         return isset($this->SysPermCache[$PermissionName]) ? $this->SysPermCache[$PermissionName] == 1 : false;