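/**
 * Authenticate a user by login and password and open an authenticated session.
 *
 * Both inputs are trimmed first, so leading/trailing whitespace in the
 * password is not significant. On success the session receives `uid`, `gid`,
 * `user` (and `pid` when the row carries one), `usr-lastlogin` is updated and
 * the request is redirected to "./" followed by `exit`, so the method does
 * not return. On every failure path a message is queued via \CORE::msg() and
 * the method returns normally.
 *
 * Security notes:
 *  - Unknown login and wrong password produce the same error message, so the
 *    response text does not reveal which accounts exist.
 *  - The session ID is regenerated once the credentials are accepted, so an
 *    ID that existed before authentication is not carried into the
 *    authenticated session (session fixation).
 *  - NOTE(review): stored passwords are verified as md5(md5(password) . salt).
 *    MD5 is a fast hash and gives little protection if `usr-pwd` values leak.
 *    The scheme is kept because changing it here would invalidate existing
 *    hashes; plan a migration to password_hash()/password_verify() with a
 *    rehash on the next successful login.
 *
 * @param string $login    Login name as submitted by the client.
 * @param string $password Plain-text password as submitted by the client.
 *
 * @return void
 */
public function login($login, $password)
{
    $login = trim($login);
    $password = trim($password);

    if ($login === '' || $password === '') {
        \CORE::msg('error', 'Empty username or password');
        return;
    }

    // Format validation; CheckPassword() is skipped when CheckLogin() fails.
    if (!$this->CheckLogin($login) || !$this->CheckPassword($password)) {
        \CORE::msg('error', 'Username or password is not valid');
        return;
    }

    $DB = \DB::init();
    if (!$DB->connected()) {
        \CORE::msg('debug', 'DB is not connected'); // ?? move to db class
        return;
    }

    // Step 1: fetch the account row to obtain the per-user salt.
    $sth = $DB->dbh->prepare("SELECT * FROM `n-users` WHERE LOWER(`usr-login`) = LOWER(?) LIMIT 1;");
    \CORE::msg('debug', 'User login check');
    $sth->bindParam(1, $login, \PDO::PARAM_STR);
    $sth->execute();
    $DB->query_count();

    if ($sth->rowCount() !== 1) {
        \CORE::msg('error', 'Incorrect username or password');
        return;
    }

    $r = $sth->fetch();
    $salt = $r['usr-salt'];
    // Legacy hash scheme, see the NOTE(review) in the docblock.
    $hashpass = md5(md5($password) . $salt);

    // Step 2: let the database match login and password hash together.
    $sth = $DB->dbh->prepare("SELECT * FROM `n-users` WHERE LOWER(`usr-login`)=LOWER(:login) AND `usr-pwd`=:hashpass LIMIT 1;");
    $sth->execute(array(':login' => $login, ':hashpass' => $hashpass));
    $DB->query_count();
    \CORE::msg('debug', 'User login and password check');

    if ($sth->rowCount() !== 1) {
        \CORE::msg('error', 'Incorrect username or password');
        return;
    }

    // The status is read from the row fetched in step 1; this message is only
    // reachable after the password has matched.
    if (!($r['usr-status'] > 0)) {
        \CORE::msg('error', 'Account is currently locked');
        return;
    }

    $r = $sth->fetch();
    // here will be additional checking via profile data, if needed

    \SESSION::start();
    // Issue a fresh session ID at the privilege change. The guard makes this
    // a no-op when no native PHP session is active (the \SESSION wrapper is
    // not visible here; it is presumed to wrap native sessions, to be confirmed).
    if (session_id() !== '') {
        session_regenerate_id(true);
    }

    // here may be some additional records, like when login, which ip, etc
    $uid = (int) $r['usr-uid'];
    $gid = (int) $r['usr-gid'];
    \SESSION::set('uid', $uid);
    \SESSION::set('gid', $gid);
    \SESSION::set('user', $login);
    if (isset($r['usr-pid'])) {
        $pid = (int) $r['usr-pid'];
        \SESSION::set('pid', $pid);
    }

    // setcookie(PREFX.'st',1,time()+3600); // 1 hour
    if (isset($_POST['cookie'])) {
        // NOTE(review): the disabled "remember me" cookie below would carry only
        // base64_encode($login), which is an encoding and not a secret. If this
        // feature is ever enabled, use a random token stored server-side and set
        // the cookie with the HttpOnly, Secure and SameSite attributes.
        //// $time=86400; // 24 hours
        //// setcookie(PREFIX."ul", base64_encode($login), time()+$time, "/");
    }

    $sth = $DB->dbh->prepare("UPDATE `n-users` SET `usr-lastlogin`=CURRENT_TIMESTAMP() WHERE `usr-uid`=?;");
    $sth->execute(array($uid));
    $DB->query_count();
    \CORE::msg('debug', 'User is logged in');

    header('Location: ./');
    exit;
}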
/**
 * Resume an existing session when the client presents a session cookie.
 *
 * SESSION::start() is called only if a `PHPSESSID` cookie came with the
 * request; otherwise nothing happens, so no session is started here for
 * clients that never had one.
 *
 * NOTE(review): the cookie value is client-controlled. If SESSION::start()
 * wraps native PHP sessions (not visible here), enabling
 * `session.use_strict_mode` keeps PHP from adopting session IDs it did not
 * issue.
 * NOTE(review): SESSION is referenced unqualified here, while login() on this
 * page calls \SESSION fully qualified. Confirm both resolve to the same class.
 *
 * @return void
 */
public static function init()
{
    // if(isset($_COOKIE[PREFX.'st'])){SESSION::start();}
    if (!isset($_COOKIE['PHPSESSID'])) {
        return;
    }

    SESSION::start();
}