Example #1
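/**
 * Authenticates a user by e-mail address and password and, on success,
 * stores the identity in the session.
 *
 * @param string $email Address supplied by the client; rejected unless FILTER_VALIDATE_EMAIL accepts it.
 * @param string $pass  Plaintext password supplied by the client.
 * @return bool true when the credentials match a row in `users`, false otherwise.
 */
function loginEmailPass($email, $pass)
{
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return false;
    }
    // %s is presumably an escaped string placeholder of the DB wrapper (MeekroDB-style) — confirm,
    // since $email is client-controlled.
    $q = DB::queryFirstRow('SELECT email, passhash, permissions, salt FROM users WHERE email=%s', $email);
    if (!$q) {
        // NOTE(review): this path returns before any hashing is done, so response time may
        // differ between known and unknown addresses.
        return false;
    }
    // NOTE(review): saltyStretchyHash() is a project helper not shown here; its strength
    // (algorithm, iteration count) should be reviewed against password_hash().
    $passhash = saltyStretchyHash($pass, $q['salt']);
    if (!hashEquals($q['passhash'], $passhash)) {
        return false;
    }
    // Issue a fresh session id before storing the authenticated identity, so that an id
    // known to anyone before login cannot be reused afterwards (session fixation).
    // Guarded because regenerating without an active session only raises a warning.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }
    $_SESSION['email'] = $q['email'];
    $_SESSION['permissions'] = $q['permissions'];
    $_SESSION['user_v'] = genRandStr();
    // The same value is mirrored into cookie 'v'; the original comment says it is
    // "passed back and forth and verified above", in code that is not part of this listing.
    // NOTE(review): the cookie is sent with default attributes (no HttpOnly, Secure or
    // SameSite). If only the server reads it, set those flags.
    setcookie('v', $_SESSION['user_v']);
    return true;
}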
Example #2
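/**
 * Checks the anti-CSRF token submitted in $_POST['ver'] against $_SESSION['ver'].
 *
 * The token is single-use: both copies are erased on the first call, whether or not
 * they matched. A successful result is cached in a static, so later calls in the same
 * request keep returning true even though the token is gone.
 *
 * @return true|null true when the request may proceed; null (not false) when the token
 *                   is missing or does not match — callers must not test with `=== false`.
 */
function csrfVerify()
{
    static $valid = null;
    if (is_null($valid)) {
        // empty() covers a missing or blank session token without raising an
        // undefined-index notice.
        $hasExpected = !empty($_SESSION['ver']);
        // $_POST['ver'] is client-controlled and becomes an array when sent as ver[]=...;
        // only a plain string is handed to the comparison helper.
        $hasSubmitted = isset($_POST['ver']) && is_string($_POST['ver']);
        if ($hasExpected && $hasSubmitted && hashEquals($_POST['ver'], $_SESSION['ver'])) {
            $valid = true;
        }
        // Burn the token after one check so a captured value cannot be replayed.
        unset($_POST['ver'], $_SESSION['ver']);
    }
    return $valid;
}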