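/**
 * Find the active staff member with the given username and verify the password.
 *
 * @param string $username Username to match against staff_member.username
 * @param string $password Plain-text password, checked with jethro_password_verify()
 * @return array|null The joined staff_member/_person row with congregation_restrictions
 *                    and group_restrictions converted to arrays, or NULL when no active
 *                    account matches or the password does not verify
 */
private function _findUser($username, $password)
{
    $db =& $GLOBALS['db'];

    // The username comes from the caller, so it is bound with $db->quote() (as
    // _findAuthMember does for the email) instead of a fixed literal that ignored it.
    // NOTE(review): both restriction tables are LEFT JOINed in one query, so each
    // GROUP_CONCAT list can repeat an id when a person has rows in both tables;
    // confirm callers tolerate duplicates.
    $sql = 'SELECT sm.*, p.*, GROUP_CONCAT(cr.congregationid) as congregation_restrictions, GROUP_CONCAT(gr.groupid) as group_restrictions FROM staff_member sm JOIN _person p ON sm.id = p.id LEFT JOIN account_congregation_restriction cr ON cr.personid = sm.id LEFT JOIN account_group_restriction gr ON gr.personid = sm.id WHERE sm.username = ' . $db->quote($username) . ' AND active = 1 GROUP BY p.id';
    $row = $db->queryRow($sql);
    check_db_result($row);

    // Unknown username and wrong password both fall through to the same NULL,
    // so the return value does not reveal which of the two failed.
    if (empty($row) || !jethro_password_verify($password, $row['password'])) {
        return NULL;
    }

    // GROUP_CONCAT yields a comma-separated string, or NULL when there are no
    // restriction rows; callers get an array in both cases.
    foreach (array('congregation_restrictions', 'group_restrictions') as $key) {
        $row[$key] = empty($row[$key]) ? array() : explode(',', $row[$key]);
    }

    // NOTE(review): the row still carries the 'password' column (the stored hash);
    // _findAuthMember drops its hash before returning. Confirm whether any caller
    // needs it here before removing it.
    return $row;
}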
/**
 * Look up a person by email address and verify the supplied member password.
 *
 * Several person records can share one email, so every record with that email
 * and a non-null member_password is tried until one verifies.
 *
 * @param string $email    Email address to match against _person.email
 * @param string $password Plain-text password, checked against member_password
 * @return array|null The first matching person row, with the member_password and
 *                    history columns removed, or NULL when nothing verifies
 */
private function _findAuthMember($email, $password)
{
    $db =& $GLOBALS['db'];

    // The email is caller-supplied and is bound through $db->quote().
    $candidates = $db->queryAll(
        'SELECT p.* FROM _person p WHERE p.email = ' . $db->quote($email) . ' AND member_password IS NOT NULL'
    );
    check_db_result($candidates);

    foreach ($candidates as $person) {
        if (!jethro_password_verify($password, $person['member_password'])) {
            continue;
        }

        // Strip the password hash and the history column before handing the row back.
        unset($person['member_password'], $person['history']);
        return $person;
    }

    return NULL;
}