diff --git a/class2.php b/class2.php
index 2559e482f..083c23421 100755
--- a/class2.php
+++ b/class2.php
@@ -1746,18 +1746,43 @@ function cookie($name, $value, $expire=0, $path = e_HTTP, $domain = '', $secure
 	{
 		return null;
 	}
-
+/*
 	if(!e_SUBDOMAIN || (defined('MULTILANG_SUBDOMAIN') && MULTILANG_SUBDOMAIN === true))
 	{
 		$domain = (e_DOMAIN !== false) ? ".".e_DOMAIN : "";
-	}	
+	}
+	*/
+	if((empty($domain) && !e_SUBDOMAIN) || (defined('MULTILANG_SUBDOMAIN') && MULTILANG_SUBDOMAIN === true))
+	{
+		$domain = (e_DOMAIN !== false) ? ".".e_DOMAIN : '';
+	}
+
+	if(defined('e_MULTISITE_MATCH') && deftrue('e_ADMIN_AREA'))
+	{
+		$path = '/';
+	}
 	
 	setcookie($name, $value, $expire, $path, $domain, $secure, true);
 }
 
-// generic function for retaining values across pages. ie. cookies or sessions.
+//
+/**
+ *
+ * generic function for retaining values across pages. ie. cookies or sessions.
+ * @deprecated Use e107::getUserSession()->makeUserCookie($userData, $autologin); instead.
+ * @param $name
+ * @param $value
+ * @param string $expire
+ * @param string $path
+ * @param string $domain
+ * @param int $secure
+ */
 function session_set($name, $value, $expire='', $path = e_HTTP, $domain = '', $secure = 0)
 {
+
+	//$userData = ['user_name
+//	e107::getUserSession()->makeUserCookie($userData, $autologin);
+
 	global $pref;
 	if ($pref['user_tracking'] === 'session')
 	{
diff --git a/e107_admin/auth.php b/e107_admin/auth.php
index 747585d73..d6e977927 100644
--- a/e107_admin/auth.php
+++ b/e107_admin/auth.php
@@ -24,9 +24,6 @@ e107::getDebug()->logTime('(Start auth.php)');
 
 define('e_CAPTCHA_FONTCOLOR','#F9A533');
 
-
-
-
 // Required for a clean v1.x -> v2 upgrade. 
 $core = e107::getConfig('core');
 
@@ -121,14 +118,15 @@ else
 	}
 	
 	require_once(e_ADMIN.'boot.php');
-	
+
 	$sec_img = e107::getSecureImg();
 
 	$use_imagecode = (vartrue($pref['admincode']) && extension_loaded("gd"));
 
-	if ($_POST['authsubmit'])
+
+	// login check.
+	if(!empty($_POST['authsubmit']))
 	{
-		$obj = new auth;
 
 		if ($use_imagecode)
 		{	
@@ -136,84 +134,32 @@ else
 			{
 				e107::getRedirect()->redirect('admin.php?failed');
 				exit;
-			//	echo "<script type='text/javascript'>document.location.href='../index.php'</script>\n";
-			//	header("location: ../index.php");
-			//	exit;
 			}
 		}
 
-	//	require_once (e_HANDLER.'user_handler.php');
-		/** @var array $row */
-		$row = $authresult = $obj->authcheck($_POST['authname'], $_POST['authpass'], varset($_POST['hashchallenge'], ''));
-
-		if ($row[0] == "authfail")
+		if(!$result = e107::getUser()->login($_POST['authname'], $_POST['authpass'], false, varset($_POST['hashchallenge']), true))
 		{
-			e107::coreLan('log_messages', true);
-			$admin_log->addEvent(4, __FILE__."|".__FUNCTION__."@".__LINE__, "LOGIN", LAN_ROLL_LOG_11, "U: ".$tp->toDB($_POST['authname']), FALSE, LOG_TO_ROLLING);
-			echo "<script type='text/javascript'>document.location.href='../index.php'</script>\n";
+				e107::coreLan('log_messages', true);
+				e107::getLog()->addEvent(4, __FILE__."|".__FUNCTION__."@".__LINE__, "LOGIN", LAN_ROLL_LOG_11, "U: ".$tp->toDB($_POST['authname']), FALSE, LOG_TO_ROLLING);
+				echo "<script type='text/javascript'>document.location.href='../index.php'</script>\n";
 
-			e107::getRedirect()->redirect('admin.php?failed');
-			exit;
+				e107::getRedirect()->redirect('admin.php?failed');
+				exit;
 		}
-		else
-		{
 
-			$reHashedPass = e107::getUserSession()->rehashPassword($row,$_POST['authpass']);
-			if($reHashedPass !==false)
-			{
-				e107::getLog()->add('ADMINPW_02', '', E_LOG_INFORMATIVE, '', LOG_TO_ADMIN, $row);
-				$row['user_password'] = $reHashedPass;
-			}
+		e107::getRedirect()->go('admin');
+		exit;
 
-			$cookieval = $row['user_id'].".".md5($row['user_password']);
-
-
-
-			// Calculate class membership - needed for a couple of things
-			// Problem is that USERCLASS_LIST just contains 'guest' and 'everyone' at this point
-			$class_list = explode(',', $row['user_class']);
-			if ($row['user_admin'] && strlen($row['user_perms']))
-			{
-				$class_list[] = e_UC_ADMIN;
-				if (strpos($row['user_perms'], '0') === 0)
-				{
-					$class_list[] = e_UC_MAINADMIN;
-				}
-			}
-			$class_list[] = e_UC_MEMBER;
-			$class_list[] = e_UC_PUBLIC;
-
-
-			if (in_array(varset($pref['user_audit_class'], ''), $class_list))
-			{
-				e107::getLog()->user_audit(USER_AUDIT_LOGIN, ['Login via admin page'], $row['user_id'], $row['user_name']);
-			}
-
-			$edata_li = array("user_id"=>$row['user_id'], "user_name"=>$row['user_name'], 'class_list'=>implode(',', $class_list), 'user_admin'=> $row['user_admin']);
-			
-			// Fix - set cookie before login trigger
-			$sessionLife = (int) e107::getPref('session_lifetime', ( 3600 * 24 * 30)); // default 1 month.
-
-			if($sessionLife > 0)
-			{
-				$sessionLife = time() + $sessionLife;
-			}
-
-			session_set(e_COOKIE, $cookieval, $sessionLife);
-
-			unset($sessionLife,$cookieval);
-		
-			// ---
-			
-			e107::getEvent()->trigger("login", $edata_li);
-
-
-
-			e107::getRedirect()->redirect(e_ADMIN_ABS.'admin.php');
-			//echo "<script type='text/javascript'>document.location.href='admin.php'</script>\n";
-		}
 	}
 
+
+
+
+
+
+
+
+
 	$e_sub_cat = 'logout';
 	if (ADMIN == FALSE)
 	{
@@ -407,91 +353,6 @@ class auth
 	}
 
 
-	/**
-	 * Admin auth check
-	 * @param string $authname, entered name
-	 * @param string $authpass, entered pass
-	 * @param object $authresponse [optional]
-	 * @return array if fail, 'authfail' will contain a message.
-	 *
-	 */
-	public function authcheck($authname, $authpass, $authresponse = '')
-	{
-		$pref 		= e107::getPref();
-		$tp 		= e107::getParser();
-		$sql_auth 	= e107::getDb('sql_auth');
-		$user_info 	= e107::getUserSession();
-		$reason 	= '';
-
-		$authname = $tp->toDB(preg_replace("/\sOR\s|\=|\#/", "", trim($authname)));
-		$authpass = trim($authpass);
-
-		if ((($authpass == '') && ($authresponse == '')) || ($authname == ''))
-			$reason = 'np';
-		if (strlen($authname) > varset($pref['loginname_maxlength'], 30))
-			$reason = 'lu';
-
-		if (!$reason)
-		{
-			if ($sql_auth->select("user", "*", "user_loginname='{$authname}' AND user_admin = 1 "))
-			{
-				$row = $sql_auth->fetch();
-			}
-			elseif ($sql_auth->select("user", "*", "(user_name='{$authname}' OR user_email='{$authname}' ) AND user_admin=1 "))
-			{
-				$row = $sql_auth->fetch();
-				$authname = $row['user_loginname'];
-			}
-			else
-			{
-				$reason = 'iu';
-			}
-		}
-
-		if (!$reason && ($row['user_id'])) // Can validate password
-		{
-			$session = e107::getSession();
-			if (($authresponse && $session->is('prevchallenge')) && ($authresponse != $session->get('prevchallenge')))
-			{ // Verify using CHAP (can't handle login by email address - only loginname - although with this code it does still work if the password is stored unsalted)
-				/*
-				$title = 'Login via admin';
-				$extra_text = 'C: '.$session->get('challenge').' PC: '.$session->get('prevchallenge').' PPC: '.$session->get('prevprevchallenge').' R:'.$authresponse.' P:'.$row['user_password'];
-				$text = 'CHAP: '.$username.' ('.$extra_text.')';
-				$title = e107::getParser()->toDB($title);
-				$text  = e107::getParser()->toDB($text);
-				e107::getAdminLog()->addEvent(4, __FILE__."|".__FUNCTION__."@".__LINE__, "LOGIN", $title, $text, FALSE, LOG_TO_ROLLING);
-
-				$logfp = fopen(e_LOG.'authlog.txt', 'a+'); fwrite($logfp, $title.': '.$text."\n"); fclose($logfp);
-				*/
-				
-				if (($pass_result = $user_info->CheckCHAP($session->get('prevchallenge'), $authresponse, $authname, $row['user_password'])) !== PASSWORD_INVALID)
-				{
-					return $row;
-				}
-			}
-			else
-			{ // Plaintext password
-				/*
-				$title = 'Login via admin';
-				$extra_text = 'C: '.$session->get('challenge').' PC: '.$session->get('prevchallenge').' PPC: '.$session->get('prevprevchallenge').' R:'.$authresponse.' P:'.$row['user_password'];
-				$text = 'STD: '.$username.' ('.$extra_text.')';
-				$title = e107::getParser()->toDB($title);
-				$text  = e107::getParser()->toDB($text);
-				e107::getAdminLog()->addEvent(4, __FILE__."|".__FUNCTION__."@".__LINE__, "LOGIN", $title, $text, FALSE, LOG_TO_ROLLING);
-
-//				$logfp = fopen(e_LOG.'authlog.txt', 'a+'); fwrite($logfp, $title.': '.$text."\n"); fclose($logfp);
-				*/
-
-				if (($pass_result = $user_info->CheckPassword($authpass, $authname, $row['user_password'])) !== PASSWORD_INVALID)
-				{
-					return $row;
-				}
-
-			}
-		}
-		return array("authfail", "reason"=>$reason);
-	}
 }
 
-//------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------//
-?>
+
diff --git a/e107_handlers/login.php b/e107_handlers/login.php
index 38f2b23e7..93d3bc772 100644
--- a/e107_handlers/login.php
+++ b/e107_handlers/login.php
@@ -685,32 +685,27 @@ class userlogin
 		// Problem is that USERCLASS_LIST just contains 'guest' and 'everyone' at this point
 		$class_list = $this->userMethods->addCommonClasses($userData, true);
 
-		//	$user_logging_opts = e107::getConfig()->get('user_audit_opts');
 
-		/*	if (in_array(varset($pref['user_audit_class'],''), $class_list))
-			{  // Need to note in user audit trail
-				$log = e107::getLog();
-				$log->user_audit(USER_AUDIT_LOGIN,'', $user_id, $user_name);
-			}*/
 
 		$edata_li = array('user_id'    => $userData['user_id'], 'user_name' => $userData['user_name'], 'class_list' => implode(',', $class_list), /*'remember_me' => $autologin,*/
 		                  'user_admin' => $userData['user_admin'], 'user_email' => $userData['user_email']);
-		
+
+		$userAuditPref = e107::getPref('user_audit_class', e_UC_NOBODY);
+		if (check_class($userAuditPref, $class_list))
+		{
+			e107::getLog()->user_audit(USER_AUDIT_LOGIN,'', $edata_li);
+		}
+
 		e107::getEvent()->trigger("login", $edata_li);
 
-
-		if(check_class(e_UC_NEWUSER, $class_list))
+		//  // 'New user' probationary period expired - we can take them out of the class
+		if(check_class(e_UC_NEWUSER, $class_list) && $this->userMethods->newUserExpired($userData['user_join']))
 		{
-			if($this->userMethods->newUserExpired($userData['user_join']))  // 'New user' probationary period expired - we can take them out of the class
-			{
-				$userData['user_class'] = e107::getUserClass()->ucRemove(e_UC_NEWUSER, $userData['user_class']);
-//				$this->e107->admin_log->addEvent(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Login new user complete",$userData['user_class'],FALSE,FALSE);
-
-				e107::getDb()->update('user', "`user_class` = '" . $userData['user_class'] . "' WHERE `user_id`=" . $userData['user_id'] . " LIMIT 1");
-
-				$edata_li = array('user_id' => $userData['user_id'], 'user_name' => $userData['user_name'], 'class_list' => $userData['user_class'], 'user_email' => $userData['user_email']);
-				e107::getEvent()->trigger('userNotNew', $edata_li);
-			}
+			$userData['user_class'] = e107::getUserClass()->ucRemove(e_UC_NEWUSER, $userData['user_class']);
+//			$this->e107->admin_log->addEvent(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Login new user complete",$userData['user_class'],FALSE,FALSE);
+			e107::getDb()->update('user', "`user_class` = '" . $userData['user_class'] . "' WHERE `user_id`=" . $userData['user_id'] . " LIMIT 1");
+			$edata_li = array('user_id' => $userData['user_id'], 'user_name' => $userData['user_name'], 'class_list' => $userData['user_class'], 'user_email' => $userData['user_email']);
+			e107::getEvent()->trigger('userNotNew', $edata_li);
 		}
 
 		return $cookieval;