public static function check_credentials($user, $pass)
{
global $settings;
$user_data = self::get_user($user);
// If the user wasn't found, then they can't be valid
if ($user_data === false) {
return false;
}
// todo check if password needs rehashing
if (password_verify($pass, $user_data["password_hash"])) {
// Calculate the expiry time of the cookies we are about to set
$expiry_time = time() + $settings->login_expiry_time;
setcookie("{$settings->cookie_prefix}-user", $user, $expiry_time);
// Get a new session token for the current user
$key = sessions::create($user, $expiry_time);
setcookie("{$settings->cookie_prefix}-session-key", $key, $expiry_time);
return true;
} else {
return false;
}
}
