public static function authenticate($username, $password) { $user = DataManager::getUserByUserName($username); if ($user != null && $user->getPassword() == self::getHash($username, $password)) { $_SESSION['user'] = $user->getId(); return true; } self::signOut(); return false; }
public static function authenticate($userName, $password) { $user = DataManager::getUserByUserName($userName); if ($user != null && $user->getPasswordHash() == hash('sha1', "{$userName}|{$password}")) { $_SESSION['user'] = $user->getId(); DataManager::logAction("Login succeeded by user with username="******"Login failed by user with username=" . $userName); self::signOut(); sleep(2); // make bruteforcing unfunny return false; }