public function validateUser($userName, $password) { $stmt = "CALL SP_Users('','',?,'','','','2015-01-04','','r',@result)"; $user = $this->db->executeStoreProcedure($stmt, array($userName)); $this->clientIP = $_SERVER["REMOTE_ADDR"]; //echo $this->clientIP; if (!$user->error()) { $results = $user->results(); $loginAttemptsId = $user->results()[0]->userId; if ($this->confirmIPAddress($loginAttemptsId, $this->clientIP) == 0) { //echo "yes"; $dbSalt = $results[0]->salt; $password = hash('sha512', $password . $dbSalt); if ($password === $results[0]->password) { $this->clearLoginAttempts($loginAttemptsId, $clientIP); Session::setUserName($results[0]->firstName . ' ' . $results[0]->lastName); Session::setUserType($results[0]->userType); return "valid"; } else { //echo $this->clientIP; $attempt = $this->addLoginAttempt($loginAttemptsId, $this->clientIP); //echo $attempt; return "invalid"; } } else { if ($this->confirmIPAddress($loginAttemptsId, $this->clientIP) == 1) { //echo 'your account is bloced for 30 minutes'; return "blocked"; } } } else { return "invalid"; } }