$arControllerLog = array('NAME' => 'AUTH', 'CONTROLLER_MEMBER_ID' => $ar["ID"], 'STATUS' => 'Y');
$dbUser = CUser::GetByLogin($oRequest->arParameters['login']);
if (!($arUser = $dbUser->Fetch())) {
$oResponse->status = "444 User is not found.";
$oResponse->text = "User is not found.";
$arControllerLog['STATUS'] = 'N';
} else {
if (strlen($arUser["PASSWORD"]) > 32) {
$salt = substr($arUser["PASSWORD"], 0, strlen($arUser["PASSWORD"]) - 32);
$db_password = substr($arUser["PASSWORD"], -32);
} else {
$salt = "";
$db_password = $arUser["PASSWORD"];
}
if ($arUser['ACTIVE'] == 'Y' && md5($db_password . 'MySalt') == md5(md5($salt . $oRequest->arParameters['password']) . 'MySalt')) {
$arSaveUser = CControllerClient::PrepareUserInfo($arUser);
$arSaveUser["GROUP_ID"] = array();
$arUserGroups = CUser::GetUserGroup($arUser['ID']);
$MOD_RIGHT = $APPLICATION->GetGroupRight("controller", $arUserGroups);
if ($MOD_RIGHT >= "V") {
$arSaveUser['CONTROLLER_ADMIN'] = 'Y';
$arSaveUser["GROUP_ID"][] = "administrators";
} elseif (COption::GetOptionString("controller", "auth_loc_enabled", "N") != "Y") {
$oResponse->status = "423 Remoute Authorization Disabled.";
$oResponse->text = "Remote authorization disabled on controller.";
break;
}
$arLocGroups = unserialize(COption::GetOptionString("controller", "auth_loc", serialize(array())));
foreach ($arLocGroups as $arTGroup) {
foreach ($arUserGroups as $group_id) {
if ($arTGroup["LOC"] == $group_id) {
