Ejemplo n.º 1
0
 /**
  * Performs Authorization Based on Username and Password
  *
  * @param $Username
  * @param $Password
  *
  * @return bool
  */
 public static function Authorize($Username, $Password)
 {
     $StringToHash = $Username . ':' . $Password;
     $HashedPassword = Account::HashPassword('sha1', $StringToHash);
     $Statement = Account::$DBConnection->prepare('SELECT id, username, access_level, pinned_character FROM users WHERE username = :user AND password = :hashedpassword');
     $Statement->bindParam('user', $Username);
     $Statement->bindParam('hashedpassword', $HashedPassword);
     $Statement->execute();
     $Result = $Statement->fetch(PDO::FETCH_ASSOC);
     if (!is_null($Result['username'])) {
         if ($Result['pinned_character'] == null || Text::IsNull($Result['pinned_character'])) {
             $CharID = Characters::PickRandomChar($Result['id']);
             if ($CharID != false) {
                 Account::PinCharacter($Result['username'], $CharID);
             }
         }
         $_SESSION['access_role'] = $Result['access_level'];
         return true;
         // Successfull Athorization
     } else {
         return false;
     }
 }