public static function login($_login, $_password)
{
// retrieve hash for `$_login` user with SQL query
$user = DB::Prepare("SELECT `id`, `login`, `password`, `email` FROM users WHERE `login` = :login;", array('login' => $_login));
if (!is_array($user)) {
return false;
}
$hash = $user['password'];
if (self::check_password($hash, $_password)) {
// store session
$_SESSION = array();
$_SESSION['logged'] = true;
$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
$_SESSION['token'] = csrf::generate_token();
// remove password from $user
unset($user['password']);
$_SESSION['user'] = $user;
return true;
}
return false;
}