/**
  * Try to login
  * @param string $username
  * @param string $password
  * @return boolean
  */
 public function tryToLogin($username, $password)
 {
     if (isset($_POST['chpw_hash'])) {
         AccountHandler::tryToSetNewPassword();
     }
     DB::getInstance()->stopAddingAccountID();
     $Account = DB::getInstance()->query('SELECT * FROM `' . PREFIX . 'account` WHERE `username`="' . $username . '" LIMIT 1')->fetch();
     DB::getInstance()->startAddingAccountID();
     if ($Account) {
         if (strlen($Account['activation_hash']) > 0) {
             $this->throwErrorForActivationNeeded();
             return false;
         }
         if (AccountHandler::comparePasswords($password, $Account['password'], $Account['salt'])) {
             $this->setAccount($Account);
             $this->setSession();
             //Set language for user if not exists
             if (empty($Account['language'])) {
                 $this->updateLanguage();
             }
             // replace old md5 with new sha256 hash
             if (strlen($Account['salt']) < 1) {
                 AccountHandler::setNewPassword($username, $password);
             }
             return true;
         }
         $this->throwErrorForWrongPassword();
     } else {
         $this->throwErrorForWrongUsername();
     }
     return false;
 }
 /**
  * Try to change password
  */
 private function tryToChangePassword()
 {
     if ($_POST['new_pw'] == $_POST['new_pw_repeat']) {
         $Account = DB::getInstance()->query('SELECT `password`, `salt` FROM `' . PREFIX . 'account`' . ' WHERE id = ' . SessionAccountHandler::getId())->fetch();
         if (AccountHandler::comparePasswords($_POST['old_pw'], $Account['password'], $Account['salt'])) {
             if (strlen($_POST['new_pw']) < AccountHandler::$PASS_MIN_LENGTH) {
                 ConfigTabs::addMessage(HTML::error(sprintf(__('The password has to contain at least %s characters.'), AccountHandler::$PASS_MIN_LENGTH)));
             } else {
                 AccountHandler::setNewPassword(SessionAccountHandler::getUsername(), $_POST['new_pw']);
                 ConfigTabs::addMessage(HTML::okay(__('Your password has been changed.')));
             }
         } else {
             ConfigTabs::addMessage(HTML::error(__('You current password is wrong.')));
         }
     } else {
         ConfigTabs::addMessage(HTML::error(__('The passwords have to be the same.')));
     }
 }