/**
* Login the user with the given credentials.
* Will return a boolean that indicates if the user is logged in.
*
* @return bool
* @param string $login The users login.
* @param string $password The password provided by the user.
*/
public static function loginUser($login, $password)
{
// redefine
$login = (string) $login;
$password = (string) $password;
// init vars
$db = BackendModel::getDB(true);
// fetch the encrypted password
$passwordEncrypted = BackendAuthentication::getEncryptedPassword($login, $password);
// check in database (is the user active and not deleted, are the email and password correct?)
$userId = (int) $db->getVar('SELECT u.id
FROM users AS u
WHERE u.email = ? AND u.password = ? AND u.active = ? AND u.deleted = ?
LIMIT 1', array($login, $passwordEncrypted, 'Y', 'N'));
// not 0 = valid user!
if ($userId !== 0) {
// cleanup old sessions
self::cleanupOldSessions();
// build the session array (will be stored in the database)
$session = array();
$session['user_id'] = $userId;
$session['secret_key'] = BackendAuthentication::getEncryptedString(SpoonSession::getSessionId(), $userId);
$session['session_id'] = SpoonSession::getSessionId();
$session['date'] = BackendModel::getUTCDate();
// insert a new row in the session-table
$db->insert('users_sessions', $session);
// store some values in the session
SpoonSession::set('backend_logged_in', true);
SpoonSession::set('backend_secret_key', $session['secret_key']);
// return result
return true;
} else {
// reset values for invalid users. We can't destroy the session because session-data can be used on the site.
SpoonSession::set('backend_logged_in', false);
SpoonSession::set('backend_secret_key', '');
// return result
return false;
}
}
