/**
  * Re-implements login for admins in a way that is more complex and more secure than the classic PH7\UserCoreModel::login() method (the account is looked up by both email and username).
  *
  * @param string $sEmail
  * @param string $sUsername
  * @param string $sPassword
  * @return boolean Returns TRUE if successful otherwise FALSE
  */
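 public function adminLogin($sEmail, $sUsername, $sPassword)
 {
     // The caller-supplied email and username are bound as parameters and are
     // never concatenated into the SQL text. The only concatenated part is the
     // table name, built from the constant 'Admins'.
     // NOTE(review): the literals have no space around the table name, so
     // Db::prefix() presumably returns it padded with spaces; confirm.
     $rStmt = Db::getInstance()->prepare('SELECT email, username, password FROM' . Db::prefix('Admins') . 'WHERE email = :email AND username = :username LIMIT 1');
     $rStmt->bindValue(':email', $sEmail, \PDO::PARAM_STR);
     $rStmt->bindValue(':username', $sUsername, \PDO::PARAM_STR);
     $rStmt->execute();
     $oRow = $rStmt->fetch(\PDO::FETCH_OBJ);
     Db::free($rStmt);

     // Fail closed: when no admin matches (fetch() did not return a row object)
     // or the stored hash is empty, reject here instead of suppressing the
     // property-access error with "@" and handing a null hash to checkPwd().
     // NOTE(review): this path skips the hash check for unknown accounts; if
     // uniform response time matters, confirm how checkPwd() treats an invalid hash.
     if (!is_object($oRow) || empty($oRow->password)) {
         return false;
     }

     return Security::checkPwd($sPassword, $oRow->password);
 }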
 /**
  * Login method for Members and Affiliates, but not for Admins: they use PH7\AdminModel::adminLogin(), which is even more secure.
  *
  * @param string $sEmail
  * @param string $sPassword
  * @param string $sTable Default 'Members'
  * @return mixed (boolean "true" or string "message")
  */
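 public function login($sEmail, $sPassword, $sTable = 'Members')
 {
     // $sTable ends up concatenated into the SQL text below, so it must be
     // validated before the query is built.
     // NOTE(review): checkModelTable() presumably rejects any name outside a
     // fixed allowlist; confirm, since it is the only guard on the table name.
     Various::checkModelTable($sTable);

     // The email is bound as a parameter, never interpolated.
     $rStmt = Db::getInstance()->prepare('SELECT email, password FROM' . Db::prefix($sTable) . 'WHERE email = :email LIMIT 1');
     $rStmt->bindValue(':email', $sEmail, \PDO::PARAM_STR);
     $rStmt->execute();
     $oRow = $rStmt->fetch(\PDO::FETCH_OBJ);
     Db::free($rStmt);

     // Fail closed on a missing row. Previously an absent row was mapped to
     // empty strings, so an empty $sEmail compared equal to the "stored" email
     // and the outcome depended on checkPwd() rejecting an empty hash.
     if (!is_object($oRow) || empty($oRow->email) || $sEmail !== $oRow->email) {
         return 'email_does_not_exist';
     }

     // An empty stored hash can never authenticate anyone.
     if (empty($oRow->password) || !Security::checkPwd($sPassword, $oRow->password)) {
         return 'password_does_not_exist';
     }

     // NOTE(review): the two distinct failure strings tell the caller whether
     // the account exists; the UI layer should show end users one generic
     // "invalid credentials" message for both.
     return true;
 }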