Index: trunk/kernel/include/usersession.php =================================================================== diff -u -r1462 -r1566 --- trunk/kernel/include/usersession.php (.../usersession.php) (revision 1462) +++ trunk/kernel/include/usersession.php (.../usersession.php) (revision 1566) @@ -44,7 +44,7 @@ if( !isset($_SERVER['HTTP_REFERER']) ) $_SERVER['HTTP_REFERER'] = ''; if(!isset($_GET['destform'])) $_GET['destform'] = null; if(!isset($_GET['continue_sess'])) $_GET['continue_sess'] = null; - if( strlen($id) && (strstr($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'].$objConfig->Get("Site_Path")) || $_GET['destform'] == 'popup' || $_GET['continue_sess'] == 1)) + if( strlen($id) && (strstr($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'].$objConfig->Get("Site_Path")) || (defined('IS_POPUP') && IS_POPUP) || $_GET['destform'] == 'popup' || $_GET['continue_sess'] == 1)) { $this->Set("SessionKey",$id); return $this->LoadFromDatabase($id); @@ -431,38 +431,40 @@ } else { - // logging in any user (admin & front) - $pre = GetTablePrefix(); - $sql = "SELECT *,MD5(".$pre."PortalUser.Password) as md5pw FROM ".$pre."PortalUser LEFT JOIN ".$pre."UserGroup USING (PortalUserId) " - ."LEFT JOIN ".$pre."PortalGroup ON (".$pre."UserGroup.GroupId=".$pre."PortalGroup.GroupId) - WHERE - ".$pre."PortalUser.Login='$userLogin' AND ".$pre."PortalUser.Status=1 - AND (".$pre."PortalUser.Password='$userPassword' OR MD5(".$pre."PortalUser.Password)='$userPassword' OR ".$pre."PortalUser.Password='".md5($userPassword)."') - ORDER BY ".$pre."UserGroup.PrimaryGroup DESC, ".$pre."PortalGroup.Personal DESC"; -//echo $sql."
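Review bot: The new `(defined('IS_POPUP') && IS_POPUP)` clause adds a third way to skip the referer test, but the test it bypasses is already weak: `strstr($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'].$objConfig->Get("Site_Path"))` is an unanchored substring match on two request-supplied headers, so a referer like `http://other.example/?r=` followed by the expected host and path passes it. If `$id` is a session key taken from the request (its origin is outside this hunk), this condition decides whether an externally supplied key gets resumed, i.e. it is the session-fixation boundary, and it should not rest on the Referer header or a compile-time constant. Prefer taking `$id` only from the session cookie, and for a popup that legitimately needs to continue a session, pass a server-issued token instead of defining `IS_POPUP`; at minimum anchor the comparison to the start of the URL after the scheme rather than using `strstr`. The enclosing function begins and ends outside this hunk.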
\n"; - $result = $this->adodbConnection->Execute($sql); + // logging in any user (admin & front) + $db =& $this->adodbConnection; + $prefix = GetTablePrefix(); - if ($result === false) - { - $this->m_Errors->AddError("error.DatabaseError",NULL,$this->adodbConnection->ErrorMsg(),"",get_class($this),"Login"); - return false; - } - - if($result->EOF) return -1; // no any user with username & pass specified + $key_clause = $objConfig->Get('Email_As_Login') ? 'pu.Email = %1$s' : 'pu.Login = %1$s'; + + $sql = 'SELECT *, MD5(pu.Password) AS md5pw + FROM '.$prefix.'PortalUser pu + LEFT JOIN '.$prefix.'UserGroup ug USING (PortalUserId) + LEFT JOIN '.$prefix.'PortalGroup pg ON ug.GroupId = pg.GroupId + WHERE ('.$key_clause.') AND (pu.Status = 1) AND (pu.Password = %2$s OR MD5(pu.Password) = %2$s OR pu.Password = MD5(%1$s) ) + ORDER BY ug.PrimaryGroup DESC, pg.Personal DESC'; + + $result = $db->Execute( sprintf($sql, $db->qstr($userLogin), $db->qstr($userPassword) ) ); + + if($result === false) + { + $this->m_Errors->AddError('error.DatabaseError',NULL,$this->adodbConnection->ErrorMsg(),'',get_class($this),'Login'); + return false; + } + + if($result->EOF) return -1; // no any user with username & pass specified } - if(!strlen($this->GetSessionKey())) - { - $this->GetNewSession(); - } + if( !strlen($this->GetSessionKey()) ) $this->GetNewSession(); + $this->Set("PortalUserId", $result->fields["PortalUserId"]); - // unset($this->CurrentUser); - $this->CurrentUser=null; - if(strlen($result->fields["tz"])>0) - $this->Set("tz",$result->fields["tz"]); - $PrimaryGroup=0; - $PersonalGroup=0; - $GroupList = array(); + // unset($this->CurrentUser); + $this->CurrentUser = null; + if( strlen($result->fields['tz']) > 0 ) $this->Set('tz',$result->fields['tz']); + $PrimaryGroup = 0; + $PersonalGroup = 0; + $GroupList = Array(); + while($result && !$result->EOF) { $skipadd=0; 
@@ -520,14 +522,16 @@ { global $objConfig; - $this->Set("PortalUserId", 0); + $this->Set("PortalUserId", 0); // not logged-in + $this->Set('LastAccessed',0); // session become expired $this->Set("GroupId", $objConfig->Get("User_GuestGroup")); #$this->SetPersistantVariable("LastLogin", time()); $this->Set("GroupList",$objConfig->Get("User_GuestGroup")); $this->Set("IpAddress",$_SERVER['REMOTE_ADDR']); + $this->DeleteSessionData($this->GetSessionKey()); $this->Update(); - $this->Delete(); + //$this->Delete(); $this->ResetSysPermCache(); $this->PermCache = array(); } @@ -634,7 +638,9 @@ } if(!is_object($this->CurrentUser)) + { $this->CurrentUser = $objUsers->GetItem($this->Get("PortalUserId")); + } if(!$this->CurrentUser->VarsLoaded) { $this->CurrentUser->LoadPersistantVars(); @@ -681,53 +687,43 @@ function DeleteEditTables() { - $tables = $this->adodbConnection->MetaTables(); - $sql = "SHOW TABLES"; - //echo "
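Review bot: With `$this->Delete()` commented out, a logged-out session row now stays in `UserSession` reset to the guest group with `LastAccessed` = 0, and its key is reused by the next request; the comment `// session become expired` is only true if `LoadFromDatabase` (not visible here) actually compares `LastAccessed` against the timeout, so that should be confirmed before relying on it. Since `DeleteExpiredSessions` is the only visible cleanup, a safer shape is to issue a fresh key at logout (or keep the `Delete()` call and let the next request create a new session) so a key observed before logout cannot be reused afterwards. Whichever is intended, replace the commented-out call with a comment stating why the row is kept, e.g. `// row is kept (not deleted) and reset to guest; it is reaped by DeleteExpiredSessions`. The enclosing method's signature is above the hunk.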
";print_r($tables); echo "
"; - for($i=0;$i0) - { - $key = "AD".strtoupper(substr($t,strlen($p),strpos($t,"FD_")-strlen($p)))."FD"; - $sql = "SELECT * FROM ".GetTablePrefix()."UserSession WHERE SessionKey='$key'"; - //echo $sql."
\n"; - $rs = $this->adodbConnection->Execute($sql); - if(!$rs || $rs->EOF) - { - //echo "Dropping Table $tables[$i]
\n"; - @$this->adodbConnection->Execute("DROP TABLE IF EXISTS ".$tables[$i]); - } - } - } + $tables = $this->adodbConnection->MetaTables(); + $mask = '/'.GetTablePrefix().'ses_(.*)_edit_(.*)/'; + $sql='SELECT COUNT(*) FROM '.GetTablePrefix().'UserSession WHERE SessionKey = \'%s\''; + foreach($tables as $table) + { + if( preg_match($mask,$table,$rets) ) + { + $sid=$rets[1]; + $is_alive = $this->adodbConnection->GetOne( sprintf($sql,$sid) ); + if(!$is_alive) @$this->adodbConnection->Execute('DROP TABLE IF EXISTS '.$table); + } + } } function DeleteExpiredSessions() { - global $objConfig; + global $objConfig; $cutoff = time()-$objConfig->Get("SessionTimeout"); $thiskey = $this->GetSessionKey(); $sql = "SELECT SessionKey from ".GetTablePrefix()."UserSession WHERE LastAccessed<$cutoff AND SessionKey != '$thiskey'"; $result = $this->adodbConnection->Execute($sql); - $keys = array(); - while ($result && !$result->EOF) - { - $keys[] = "SessionKey='" . $result->fields["SessionKey"] . "'"; - $result->MoveNext(); + $keys = array(); + while ($result && !$result->EOF) + { + $keys[] = "SessionKey='" . $result->fields["SessionKey"] . "'"; + $result->MoveNext(); } - if(count($keys)>0) - { - $keywhere = implode(" OR ", $keys); - $sql = "DELETE FROM ".GetTablePrefix()."SessionData WHERE $keywhere"; - //echo $sql; - $this->adodbConnection->Execute($sql); - $this->adodbConnection->Execute("DELETE FROM ".GetTablePrefix()."UserSession WHERE LastAccessed<$cutoff"); - $this->DeleteEditTables(); - } + if(count($keys)>0) + { + $keywhere = implode(" OR ", $keys); + $sql = "DELETE FROM ".GetTablePrefix()."SessionData WHERE $keywhere"; + //echo $sql; + $this->adodbConnection->Execute($sql); + $this->adodbConnection->Execute("DELETE FROM ".GetTablePrefix()."UserSession WHERE LastAccessed<$cutoff"); + $this->DeleteEditTables(); + } } function SetSysPermCache()