Fix Creloaded Cart Password Problem

My creloaded cart has a strange problem with the administrator login. The main administrator (Top Administrator) can log in regardless of what password is entered. But when I create a new profile and set a password for the account, it rejects it. But when I type in the wrong password I can get in. So basically the set password doesn't work but anything else will! I need this fixed since it's obviously a security problem. I should be able to log in with a password, reset them, and have normal login security. Also, session files are being dumped in the root folder with other files. I think they should be dumped into the tmp folder for what I can understand, so this would need to be fixed as well. -Fix login problem so chosen password works rather than any password -Fix Session problem where they are being dumped in the root folder