sub cgiapp_prerun {
 # application object
 my $self = shift;
  
 # check member access and redirect accordingly
 $self->accessControll;
}


sub accessControll {
 # application object
 my $self = shift;

 # get cgi query object
 my $q = $self->query();
 my %post = $q->Vars;
  
 # get session object
 my $session = $self->session;

 # if login is not old
 if($self->init() ne 2){
  # Redirect to startpage if login
  if ($session->param("~logged-in")) {
   $self->prerun_mode($config->{login_successRM});
  }
 }
  
 # after the third login attempt, redirect
 if ( $session->param("~login-trials") >= 3 ) {   
  # change password for username
  # UPDATE password in USERNAME table	
  $self->redirect_output_now('login_error');
 }
    
 # Redirect to startpage if logout
 if( $self->get_current_runmode() eq "logout"){
  $self->logout();
  $self->prerun_mode('logout');
 } 
}


#
#  $post{lg_name} and $post{lg_password} are sent from my login form
#
sub init {
 # application object
 my $self = shift;

 # get cgi query object
 my $q = $self->query();
 my %post = $q->Vars;
		
 # get session object		
 my $session = $self->session;			

 # database handle
 my $dbh = $self->param('dbh');	

 if ( $session->param("~logged-in") ) {
  return 2;  # if logged in, don't bother going further
 }

 my $lg_name  = $post{lg_name} or return;
 my $lg_psswd = $post{lg_password} or return;

 # if we came this far, user did submit the login form
 # so let's try to load his/her profile if name/psswds match
 my @sql_bind = ($lg_name, $lg_psswd, 1);
 my $sql_statement = qq/
		 	SELECT ID, 
                        MEMBER_TYPE_ID, 
			UNAME, 
			PWORD 
			FROM MEMBER 
			WHERE UNAME=? 
			AND PWORD=? 
			AND ACTIVE=? /;							
 my (@loop_data) = $self->fetchLoopData($dbh, $sql_statement, @sql_bind);

 if(@loop_data>0){
  # login information
  $session->param('mid' => $loop_data[0]{ID});
  $session->param('member_type' => $loop_data[0]{MEMBER_TYPE_ID});

  $session->param("~logged-in", 1);
  $session->expires("~logged-in", "+120m"); # expires ~logged-in flag in 30 mins
  $session->clear(["~login-trials"]);
  return 1;
 }

 $session->param('info' => 'returnera 3');
 # if we came this far, the login/psswds do not match
 # the entries in the database
 my $trials = $session->param("~login-trials") || 0;
 return $session->param("~login-trials", ++$trials);
}