Index: trunk/kernel/include/modules.php =================================================================== diff -u -N -r6093 -r6428 --- trunk/kernel/include/modules.php (.../modules.php) (revision 6093) +++ trunk/kernel/include/modules.php (.../modules.php) (revision 6428) @@ -4,9 +4,13 @@ */ $ado =& GetADODBConnection(); -$session_cookie_name = $ado->GetOne('SELECT VariableValue FROM '.$g_TablePrefix.'ConfigurationValues WHERE VariableName = "SessionCookieName"'); -define('SESSION_COOKIE_NAME', $session_cookie_name ? $session_cookie_name : 'sid'); +$application =& kApplication::Instance(); +define('SESSION_COOKIE_NAME', $application->Session->CookieName); + +/*$session_cookie_name = $ado->GetOne('SELECT VariableValue FROM '.$g_TablePrefix.'ConfigurationValues WHERE VariableName = "SessionCookieName"'); +define('SESSION_COOKIE_NAME', $session_cookie_name ? $session_cookie_name : 'sid'); +*/ set_cookie('cookies_on', '1', adodb_mktime() + 31104000); // if branches that uses if($mod_prefix) or like that will never be executed @@ -222,6 +226,15 @@ if ( substr($t, 0, strlen('kernel4:') ) == 'kernel4:' ) $t = substr($t, strlen('kernel4:') ); $url_params = Array('t' => $t); + // sicne 1.3.0 the category is not passed by default when mod_rewrite is on + // enable pass category for module templates (they usually need it) and suggest_cat. + // platform templates usually do not need category + if ( + preg_match('/^inlink|^inbulletin|^innews/', $t) || + in_array(preg_replace('/\.tpl$/', '', $t), array('suggest_cat')) + ) { + $url_params['pass_category'] = 1; + } $app =& kApplication::Instance(); $app->SetVar('prefixes_passed', Array() ); @@ -339,72 +352,72 @@ function admin_login() { - global $objSession,$login_error, $objConfig,$g_Allow,$g_Deny; -// echo "
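Review bot: The new `define('SESSION_COOKIE_NAME', $application->Session->CookieName);` has no fallback, whereas the removed code defaulted to `'sid'` when the configured name was empty. If `CookieName` can be empty or unset at this point (the Session class is not visible here), the constant becomes an empty string and the later `$_COOKIE[SESSION_COOKIE_NAME]` lookups silently miss the session cookie; a guard such as `$application->Session->CookieName ? $application->Session->CookieName : 'sid'` keeps the old behaviour. The superseded lines are also kept as a `/* ... */` block rather than deleted, and the same pattern recurs in the hunks at `@@ -339`, `@@ -813`, `@@ -864`, `@@ -888` and `@@ -914`; the revision history already holds the old code, so I would delete it or add a one-line comment saying why it must stay.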
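Review bot: The pattern `/^inlink|^inbulletin|^innews/` only tests the first characters of `$t`, so any template whose name merely begins with one of those strings gets `pass_category`, not just templates that belong to those modules. If the intent is a directory prefix, `'#^(inlink|inbulletin|innews)/#'` says so explicitly; the template path format is not visible here, so the separator needs confirming. `in_array(..., array('suggest_cat'))` should pass `true` as its third argument for a strict comparison, and the comment has a typo (`sicne`) and could state that the list must be extended when a module is added. The enclosing block starts and ends outside the hunk.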
"; print_r($objSession); echo "
"; + global $objSession,$login_error, $objConfig,$g_Allow,$g_Deny; + // echo "
"; print_r($objSession); echo "
"; if( GetVar('help_usage') == 'install' ) return true; - $env_arr = explode('-', $_GET['env']); - $get_session_key = $env_arr[0]; - $admin_login = isset($_POST['adminlogin']) && $_POST['adminlogin']; - if(!$objSession->ValidSession() || ($objSession->GetSessionKey() != $get_session_key && !$admin_login)) { - if( isset($_GET['expired']) && ($_GET['expired'] == 1) ) - $login_error = admin_language("la_text_sess_expired"); + $env_arr = explode('-', $_GET['env']); + $get_session_key = $env_arr[0]; + $admin_login = isset($_POST['adminlogin']) && $_POST['adminlogin']; + if(!$objSession->ValidSession()) { // || ($objSession->GetSessionKey() != $get_session_key && !$admin_login) + if( isset($_GET['expired']) && ($_GET['expired'] == 1) ) + $login_error = admin_language("la_text_sess_expired"); - return FALSE; - //echo "Expired
"; - } + return FALSE; + //echo "Expired
"; + } if ($objSession->HasSystemPermission("ADMIN") == 1) - return TRUE; + return TRUE; - if(count($_POST)==0 || $_POST["adminlogin"]!=1) - return FALSE; - $login=$_POST["login"]; - $password = $_POST["password"]; + if(count($_POST)==0 || $_POST["adminlogin"]!=1) + return FALSE; + $login=$_POST["login"]; + $password = $_POST["password"]; - if (strlen($login) && strlen($password)) - { - if(!_IpAccess($_SERVER['REMOTE_ADDR'],$g_Allow,$g_Deny)) - { - $login_error = admin_language("la_text_address_denied"); - return FALSE; - } - $valid = $objSession->Login($login, md5($password)); - $hasperm = ($objSession->HasSystemPermission("ADMIN") == 1); - if (($login=="root" || $hasperm) && $valid) - { - if(_ValidateModules()) - { - return TRUE; - } - else - $login_error = "Missing or invalid In-Portal License"; - } - else - { - if(!$hasperm && $valid) - { - $login_error = admin_language("la_text_nopermissions"); - } - else - { - $login_error = admin_language("la_Text_Access_Denied"); - } - return FALSE; - } + if (strlen($login) && strlen($password)) + { + if(!_IpAccess($_SERVER['REMOTE_ADDR'],$g_Allow,$g_Deny)) + { + $login_error = admin_language("la_text_address_denied"); + return FALSE; + } + $valid = $objSession->Login($login, md5($password)); + $hasperm = ($objSession->HasSystemPermission("ADMIN") == 1); + if (($login=="root" || $hasperm) && $valid) + { + if(_ValidateModules()) + { + return TRUE; + } + else + $login_error = "Missing or invalid In-Portal License"; + } + else + { + if(!$hasperm && $valid) + { + $login_error = admin_language("la_text_nopermissions"); + } + else + { + $login_error = admin_language("la_Text_Access_Denied"); + } + return FALSE; + } } - else - { - if(!strlen($login)) - { - $login_error = admin_language("la_Text_Missing_Username"); - } - else - if(!strlen($password)) - $login_error = admin_language("la_Text_Missing_Password"); - return FALSE; - } + else + { + if(!strlen($login)) + { + $login_error = admin_language("la_Text_Missing_Username"); + } + 
else + if(!strlen($password)) + $login_error = admin_language("la_Text_Missing_Password"); + return FALSE; + } } @@ -813,8 +826,12 @@ $SessionQueryString = false; // by default assume, that SID is located in cookie if( !isset($FrontEnd) ) $FrontEnd = false; // if frontend not explicitly defined, than -if($FrontEnd != 1) + $SessionQueryString = $application->Session->NeedQueryString(); + + +/*if($FrontEnd != 1) { $SessionQueryString = true; +}*/ if (is_array($mod_prefix)) { ParseEnv(); @@ -834,26 +851,26 @@ if ( !isset($var_list['sid']) ) $var_list['sid'] = ''; if ( !isset($_GET['env']) ) $_GET['env'] = ''; -if(strlen($var_list["sid"])==0 && strlen($_GET["env"])>0 && $objConfig->Get("CookieSessions")==2) +if(strlen($var_list["sid"])==0 && strlen($_GET["env"])>0 && $objConfig->Get("CookieSessions")==smCOOKIES_ONLY) { - if(_IsSpider($_SERVER["HTTP_USER_AGENT"])) - { - $UseSession = FALSE; - } - else - { - /* switch user to GET session var */ - if (!$_COOKIE[SESSION_COOKIE_NAME]) { - $SessionQueryString = TRUE; - } - //else { - //$cg = '--code--'; - //} - $UseSession = TRUE; - } + if(_IsSpider($_SERVER["HTTP_USER_AGENT"])) + { + $UseSession = FALSE; + } + else + { + /* switch user to GET session var */ + if (!$_COOKIE[SESSION_COOKIE_NAME]) { + $SessionQueryString = TRUE; + } + //else { + //$cg = '--code--'; + //} + $UseSession = TRUE; + } } else { - $UseSession = TRUE; + $UseSession = TRUE; } if($var_list["sid"]=="_") @@ -864,7 +881,7 @@ if($Action == 'm_logout') { - $u = new clsUserSession($var_list['sid'] ,($SessionQueryString && $FrontEnd==1)); + $u = new clsUserSession($var_list['sid']); // ,($SessionQueryString && $FrontEnd==1) $application =& kApplication::Instance(); $application->HandleEvent( new kEvent('u:OnInpLogout') ); 
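Review bot: In `admin_login()` the guard is reduced to `if(!$objSession->ValidSession())`, so the session key carried in `$_GET['env']` is no longer compared with `$objSession->GetSessionKey()`, and nothing in the hunk replaces that comparison. If admin requests relied on the URL key matching the cookie session as a request-origin check, a request with a stale or absent key is now accepted whenever the cookie session is valid; that assumption should be confirmed and, if it holds, state-changing admin actions need a dedicated anti-CSRF token. `$env_arr`, `$get_session_key` and `$admin_login` are now assigned but never read in this function, and `$_GET['env']` is indexed without an `isset()` guard, so either drop the three assignments or restore the comparison. The re-indented login path also still passes `md5($password)` to `Login()`; the storage side is not visible here, but an unsalted MD5 is worth tracking as a separate change.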
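Review bot: The added `$SessionQueryString = $application->Session->NeedQueryString();` keeps the indentation of the removed `if($FrontEnd != 1)` body, so it reads as conditional although it now always runs and overwrites the `$SessionQueryString = false;` default two lines above. I would move it to column 0, fold the two assignments into one, and finish or drop the dangling `// if frontend not explicitly defined, than` comment on the context line. The line also depends on the global `$application` assigned near the top of the file, so a one-line comment stating what `NeedQueryString()` decides would make that dependency visible.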
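Review bot: With the literal `2` replaced by `smCOOKIES_ONLY`, this branch now reads as "cookies only", yet its body still sets `$SessionQueryString = TRUE` when the session cookie is absent, which moves the session id into the URL. Session ids in URLs end up in Referer headers, server logs and shared links, and accepting them from the query string exposes the session to fixation, so if the setting really means cookies only this fallback should be removed; whether `$SessionQueryString` is still honoured after this commit is not visible in the hunk. `!$_COOKIE[SESSION_COOKIE_NAME]` also raises an undefined-index notice when the cookie is missing, which `empty($_COOKIE[SESSION_COOKIE_NAME])` avoids. The value of `smCOOKIES_ONLY` is defined outside this diff, so confirm that it equals the old literal.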
@@ -888,13 +905,13 @@ $HTTP_REFERER = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''; -if ( ($CookieTest == 1) /*|| !strstr($HTTP_REFERER, $_SERVER['HTTP_HOST'].$objConfig->Get("Site_Path"))*/) { +/*if ( ($CookieTest == 1) ) { // || !strstr($HTTP_REFERER, $_SERVER['HTTP_HOST'].$objConfig->Get("Site_Path")) $SessionQueryString = FALSE; } if ($FrontEnd != 1) { $SessionQueryString = TRUE; -} +}*/ // SID detecting engine: end @@ -914,7 +931,7 @@ $objSession->SetThemeName($m_var_list["theme"]); if($objConfig->Get("CookieSessions")>0 && !$SessionQueryString && !headers_sent()) { - set_cookie(SESSION_COOKIE_NAME, $var_list['sid'], 0); +// set_cookie(SESSION_COOKIE_NAME, $var_list['sid'], 0); } //echo "New Session: ".$objSession->GetSessionKey()."
\n"; if(isset($_COOKIE["login"]) && $Action != "m_logout" && $FrontEnd==1)
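Review bot: Commenting out `set_cookie(SESSION_COOKIE_NAME, $var_list['sid'], 0);` leaves the `if($objConfig->Get("CookieSessions")>0 && !$SessionQueryString && !headers_sent())` block with an empty body. Presumably the kernel4 Session object now issues the cookie, but nothing in this diff shows that, so it should be confirmed that a new session still receives its cookie and that it is sent with the intended `HttpOnly` and `Secure` attributes. If it does, delete the whole conditional and leave a one-line comment naming where the cookie is set, e.g. `// session cookie is issued by <component that sets it>`.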