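// Controller-side handling of a remote "AUTH" request: look up the account named in the
// request, check the supplied password against the stored hash and, on success, start
// building the user record ($arSaveUser) together with its mapped groups.
// NOTE(review): this is a fragment. $ar, $oRequest, $oResponse and $APPLICATION are set
// outside it, and the `break;` below needs an enclosing switch or loop that is not visible
// here; confirm against the full file.
// The audit entry starts as a success ('Y') and is flipped to 'N' on failure.
$arControllerLog = array('NAME' => 'AUTH', 'CONTROLLER_MEMBER_ID' => $ar["ID"], 'STATUS' => 'Y');
$dbUser = CUser::GetByLogin($oRequest->arParameters['login']);
if (!($arUser = $dbUser->Fetch())) {
    // NOTE(review): a dedicated "not found" reply lets the calling side tell existing logins
    // from missing ones. The wrong-password reply is outside this fragment; consider whether
    // both cases should be indistinguishable to the caller.
    $oResponse->status = "444 User is not found.";
    $oResponse->text = "User is not found.";
    $arControllerLog['STATUS'] = 'N';
} else {
    // Stored value layout: everything before the last 32 characters is the salt, the last
    // 32 characters are the digest. Values of 32 characters or fewer carry no salt.
    // NOTE(review): the check below implies the digest is md5(salt . password). A single
    // round of md5 is fast to brute-force; the storage format is decided where passwords
    // are written (not in this fragment), so a move to password_hash()/password_verify()
    // has to start there.
    if (strlen($arUser["PASSWORD"]) > 32) {
        $salt = substr($arUser["PASSWORD"], 0, strlen($arUser["PASSWORD"]) - 32);
        $db_password = substr($arUser["PASSWORD"], -32);
    } else {
        $salt = "";
        $db_password = $arUser["PASSWORD"];
    }
    // Both sides are re-hashed with the constant 'MySalt' before comparison, so the raw
    // stored digest is never compared directly (presumably to blunt timing differences;
    // confirm intent).
    // The digests are compared with strict ===. With loose ==, two md5 strings that both
    // have the form "0e<digits>" are compared as numbers and count as equal although the
    // strings differ. Where the runtime provides hash_equals(), prefer it here.
    if ($arUser['ACTIVE'] == 'Y' && md5($db_password . 'MySalt') === md5(md5($salt . $oRequest->arParameters['password']) . 'MySalt')) {
        $arSaveUser = CControllerClient::PrepareUserInfo($arUser);
        $arSaveUser["GROUP_ID"] = array();
        $arUserGroups = CUser::GetUserGroup($arUser['ID']);
        // Right of the user's groups on the "controller" module. Rights are compared as
        // strings: "V" or anything sorting after it marks the user as controller admin.
        $MOD_RIGHT = $APPLICATION->GetGroupRight("controller", $arUserGroups);
        if ($MOD_RIGHT >= "V") {
            $arSaveUser['CONTROLLER_ADMIN'] = 'Y';
            $arSaveUser["GROUP_ID"][] = "administrators";
        } elseif (COption::GetOptionString("controller", "auth_loc_enabled", "N") != "Y") {
            // Non-admin accounts are accepted only when the auth_loc_enabled option is "Y".
            // NOTE(review): within the visible code $arControllerLog['STATUS'] is still 'Y'
            // on this rejection path, so a refused login may be logged as a success.
            // Confirm whether the status is reset after the break.
            // The status text (including its spelling) is left untouched because remote
            // clients may match on it.
            $oResponse->status = "423 Remoute Authorization Disabled.";
            $oResponse->text = "Remote authorization disabled on controller.";
            break;
        }
        // NOTE(review): unserialize() runs on a stored option value. This is safe only as
        // long as nobody untrusted can write the "auth_loc" option. On PHP 7+ passing
        // array('allowed_classes' => false) as second argument blocks object instantiation.
        // A corrupt value makes unserialize() return false, which the loop below does not
        // guard against.
        $arLocGroups = unserialize(COption::GetOptionString("controller", "auth_loc", serialize(array())));
        foreach ($arLocGroups as $arTGroup) {
            foreach ($arUserGroups as $group_id) {
                // A mapping entry applies when its "LOC" value equals one of the user's
                // group ids. The body of this branch lies beyond the visible source.
                if ($arTGroup["LOC"] == $group_id) {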