Example #1
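 /**
  * Check a username/password pair against the users table.
  *
  * The salt is looked up through User::getUserByUserName(), the supplied
  * password is transformed with User::encrypt(), and the result is matched
  * against the stored value with a prepared statement.
  *
  * NOTE(review): the stored-password scheme depends on User::encrypt(), which
  * is not visible here. If it is a fast salted hash, plan a migration to
  * password_hash()/password_verify() — confirm against that helper.
  *
  * @param string $user Username as submitted by the client (untrusted).
  * @param string $pass Plain-text password as submitted by the client (untrusted).
  *
  * @return array On success array('success' => true, 'id' => <user id>);
  *               otherwise an array with 'success' => false and an 'error'
  *               string, or whatever failure array the User helpers returned.
  */
 public function login($user, $pass)
 {
     // The query below binds both values as parameters; that binding, not this
     // filter, is what keeps the input out of the SQL text. The filter is kept
     // so that usernames are matched exactly as before.
     // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
     $user = filter_var($user, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);

     $salt = User::getUserByUserName($user);
     if (!is_array($salt)) {
         // The original comment says the lookup can return false for an unknown
         // user; answer with the same array a wrong password gets, so callers
         // always receive an array and the two cases look identical.
         return array('success' => false, 'error' => 'login failure');
     }
     if (empty($salt['success'])) {
         // NOTE(review): this hands the helper's own error back to the caller.
         // If that text differs from 'login failure' for a missing user, any
         // caller that displays it reveals which usernames exist — confirm
         // what the helper returns.
         return $salt;
     }

     $pass = User::encrypt($pass, $salt['salt']);
     $query = "SELECT id\n\t\t\t\t\t   FROM users \n\t\t\t\t\t   WHERE username = :username\n\t\t\t\t\t   AND password   = :pass";
     try {
         $DBH = Utility::connectToDB();
         if ($DBH == null) {
             return array('success' => false, 'error' => 'Error connecting to database');
         }
         $STH = $DBH->prepare($query);
         // bindValue(): the values are final here, no by-reference binding needed.
         $STH->bindValue('username', $user);
         $STH->bindValue('pass', $pass);
         $sqlError = $STH->execute();
         $result = User::checkExecute($STH, $DBH, $sqlError);
         if ($result['success'] == false) {
             return $result;
         }

         // Count the fetched rows rather than calling rowCount(): PDO does not
         // guarantee rowCount() for SELECT statements on every driver.
         $rows = $STH->fetchAll(PDO::FETCH_ASSOC);
         $STH = null;
         $DBH = null;

         // Exactly one match is required, so duplicate rows still fail closed.
         if (count($rows) === 1) {
             return array('success' => true, 'id' => $rows[0]['id']);
         }
         return array('success' => false, 'error' => 'login failure');
     } catch (PDOException $e) {
         // The driver message can carry connection details, so it is printed
         // only when the Debug::DEBUG constant is on; keep that off in production.
         if (Debug::DEBUG) {
             echo 'Error: ' . $e->getMessage();
         }
         $DBH = null;
         return array('success' => false, 'error' => 'unknown error');
     }
 }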