public static function check_credentials($user, $pass) { global $settings; $user_data = self::get_user($user); // If the user wasn't found, then they can't be valid if ($user_data === false) { return false; } // todo check if password needs rehashing if (password_verify($pass, $user_data["password_hash"])) { // Calculate the expiry time of the cookies we are about to set $expiry_time = time() + $settings->login_expiry_time; setcookie("{$settings->cookie_prefix}-user", $user, $expiry_time); // Get a new session token for the current user $key = sessions::create($user, $expiry_time); setcookie("{$settings->cookie_prefix}-session-key", $key, $expiry_time); return true; } else { return false; } }