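/**
 * Authenticates a user by username and password.
 *
 * Flow: look the username up to obtain its salt, hash the submitted password
 * with that salt, then select the row whose username AND password hash both
 * match. Exactly one matching row is required for a successful login.
 *
 * @param string $user Username as submitted by the caller.
 * @param string $pass Cleartext password as submitted by the caller.
 * @return array{success: bool, id?: mixed, error?: string}
 *         On success: ['success' => true, 'id' => <users.id>].
 *         On failure: ['success' => false, 'error' => <message>], or whatever
 *         User::getUserByUserName() returned when the username is not found.
 */
public function login($user, $pass) {
    // FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. It is kept because
    // changing the filter changes which stored usernames a submitted value
    // matches; replace it together with the registration-side filtering.
    $user = filter_var($user, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);

    // Salt lookup. Its failure result is passed through unchanged, so an
    // unknown username produces a different response (and skips the hashing
    // step below) than a wrong password does. Callers that surface this to
    // the end user should collapse both cases into one generic message.
    // empty() also tolerates a bare `false` return without a notice.
    $userRecord = User::getUserByUserName($user);
    if (empty($userRecord['success'])) {
        return $userRecord;
    }

    // NOTE(review): User::encrypt() is not visible here; assumed to produce
    // the same salted digest stored in users.password. password_hash() /
    // password_verify() would be the standard replacement and would move the
    // comparison out of the SQL WHERE clause.
    $passwordHash = User::encrypt($pass, $userRecord['salt']);

    $query = 'SELECT id FROM users WHERE username = :username AND password = :pass';

    $DBH = null;
    try {
        $DBH = Utility::connectToDB();
        if (!$DBH) {
            return array('success' => false, 'error' => 'Error connecting to database');
        }

        // Named placeholders: the submitted values never reach the SQL text.
        $STH = $DBH->prepare($query);
        $STH->bindValue(':username', $user);
        $STH->bindValue(':pass', $passwordHash);
        $executed = $STH->execute();

        $check = User::checkExecute($STH, $DBH, $executed);
        if (empty($check['success'])) {
            $DBH = null;
            return $check;
        }

        // PDOStatement::rowCount() is only defined for INSERT/UPDATE/DELETE;
        // for SELECT its value is driver-dependent. Fetching the (at most a
        // few) matching rows and counting them enforces the same
        // "exactly one match" rule on every driver.
        $rows = $STH->fetchAll(\PDO::FETCH_ASSOC);
        $DBH = null;

        if (count($rows) === 1) {
            return array('success' => true, 'id' => $rows[0]['id']);
        }
        return array('success' => false, 'error' => 'login failure');
    } catch (\PDOException $e) {
        // Exception text may carry the DSN or SQL fragments; it is echoed only
        // behind the debug flag and the caller receives a generic message.
        if (Debug::DEBUG) {
            echo 'Error: ' . $e->getMessage();
        }
        $DBH = null;
        return array('success' => false, 'error' => 'unknown error');
    }
}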