Example #1
 /**
  * Perform login.
  *
  * @param string $sUsername
  * @param string $sPassword
  * @param boolean $save_pass
  * @return boolean
  */
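 public function login($sUsername, $sPassword, $save_pass = false)
 {
     # Checks the submitted credentials against the users table and, on
     # success, issues the auth cookie. Returns true on success and false on
     # every failure path. Only the unknown-user, wrong-password and
     # unverified-account paths set a message on $this->oError; database
     # failures return false silently.

     # The username is caller-supplied and is escaped before being embedded in
     # the SQL text.
     # NOTE(review): if the DB layer offers bound parameters, prefer them to
     # escape-and-concatenate; that API is not visible from this method.
     $sQuery = 'SELECT id, group_id, password, salt ' . 'FROM ' . $this->t_users . ' ' . 'WHERE username=\'' . $this->oDb->escapeStr($sUsername) . '\' ';
     if (($rs = $this->oDb->select($sQuery)) === false) {
         return false;
     }

     # NOTE(review): "unknown user" and "wrong password" produce different
     # messages, so the response reveals whether a username exists. This path
     # also returns before any password verification runs, so its timing may
     # differ from the wrong-password path. A single generic failure message
     # would close the first gap.
     if ($rs->isEmpty()) {
         $this->oError->set(__('c_c_auth_unknown_user'));
         return false;
     }

     $sPasswordHash = $rs->password;
     if (!password::verify($sPassword, $sPasswordHash)) {
         $this->oError->set(__('c_c_auth_wrong_password'));
         return false;
     }

     # The password is known to be correct here, so this is the one moment the
     # stored hash can be upgraded to the current default algorithm.
     if (password::needs_rehash($sPasswordHash, PASSWORD_DEFAULT)) {
         $sPasswordHash = password::hash($sPassword, PASSWORD_DEFAULT);
         # The id is concatenated unquoted, so force it to an integer rather
         # than trusting the stored value to be numeric (defence in depth).
         $sQuery = 'UPDATE ' . $this->t_users . ' SET ' . 'password=\'' . $this->oDb->escapeStr($sPasswordHash) . '\' ' . 'WHERE id=' . (int) $rs->id;
         if (!$this->oDb->execute($sQuery)) {
             return false;
         }
     }

     # Accounts still in the unverified group may not log in, even with a
     # correct password.
     if ($rs->group_id == self::unverified_group_id) {
         $this->oError->set(__('c_c_auth_account_awaiting_validation'));
         return false;
     }

     # Remove this user's guest entry from the online list
     # NOTE(review): if http::realIP() reads forwarded-for style headers, the
     # value is client-influenced. It is escaped here, but confirm it is only
     # taken from trusted proxies.
     $sQuery = 'DELETE FROM ' . $this->t_online . ' ' . 'WHERE ident=\'' . $this->oDb->escapeStr(http::realIP()) . '\'';
     if (!$this->oDb->execute($sQuery)) {
         return false;
     }

     # "Remember me" selects the longer of the two configured lifetimes.
     $iTsExpire = time() + ($save_pass ? $this->iVisitRememberTime : $this->iVisitTimeout);

     # Cookie payload, base64-encoded: id | password hash | expiry | sha1 check value.
     # NOTE(review): this sends the stored password hash to the browser, so
     # anyone who obtains the cookie also obtains the hash. The check value is
     # a plain sha1 over concatenated fields rather than a keyed HMAC. The
     # format cannot be changed here without changing the code that validates
     # the cookie (not visible). Consider an opaque random token stored
     # server-side, or hash_hmac() with a server secret, verified with
     # hash_equals().
     $sCheck = sha1($rs->salt . $sPasswordHash . util::hash($iTsExpire, $rs->salt));
     $this->setAuthCookie(base64_encode($rs->id . '|' . $sPasswordHash . '|' . $iTsExpire . '|' . $sCheck), $iTsExpire);

     # Record the successful form login in the admin log when that logger is available.
     if (isset($this->okt->logAdmin)) {
         $this->okt->logAdmin->add(array('user_id' => $rs->id, 'username' => $sUsername, 'code' => 10, 'message' => __('c_c_log_admin_message_by_form')));
     }

     # -- CORE TRIGGER : userLogin
     $this->okt->triggers->callTrigger('userLogin', $this->okt, $rs);

     return true;
 }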