getRequest(); $user = $session->getUser(); if (!$user) { if ($request->getPost('login')) { $postLogin = $request->getPost('login'); $username = $postLogin['username']; $password = $postLogin['password']; if (!empty($username) && !empty($password)) { $user = Mage::getModel('admin/user')->login($username, $password); if ( $user->getId() && $user->getIsActive() != '1' ) { if (!$request->getParam('messageSent')) { Mage::getSingleton('adminhtml/session')->addError(__('Your Account has been deactivated.')); $request->setParam('messageSent', true); } } elseif (!Mage::getModel('admin/user')->hasAssigned2Role($user->getId())) { if (!$request->getParam('messageSent')) { Mage::getSingleton('adminhtml/session')->addError(__('Access Denied.')); $request->setParam('messageSent', true); } } else { if ($user->getId()) { $session->setUser($user); header('Location: '.$request->getRequestUri()); exit; } else { if (!$request->getParam('messageSent')) { Mage::getSingleton('adminhtml/session')->addError(__('Invalid Username or Password.')); $request->setParam('messageSent', true); } } } } } if (!$request->getParam('forwarded')) { if (function_exists('apache_request_headers')) { foreach (apache_request_headers() as $k=>$v) { if (strtolower($k)==='x-requested-with' && strtolower($v)==='xmlhttprequest') { header('HTTP/1.1 403 Session Expired'); header('Login-Required: true'); exit; } } } $request->setParam('forwarded', true) ->setControllerName('index') ->setActionName('login') ->setDispatched(false); return false; } } else { $user->reload(); if (!$session->getAcl() || $user->getReloadAclFlag()) { $session->setAcl(Mage::getResourceModel('admin/acl')->loadAcl()); } if ($user->getReloadAclFlag()) { $user->unsetData('password'); $user->setReloadAclFlag('0')->save(); } } } }