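/**
 * Authenticate an active user by user name or e-mail address and password.
 *
 * Looks up a row with status = 1 whose user_name or email equals $username,
 * rejects expired or locked accounts, then verifies the salted password
 * digest. On success the invalid-login counter is cleared and the user row
 * is stored in the registry under the key 'user'.
 *
 * Callers should test the result with `=== true`: the failure codes are
 * class constants whose values are not visible here and may be truthy.
 *
 * Security notes:
 *  - The stored digest is md5(password . salt). MD5 is a fast hash and is
 *    not suitable for password storage; moving to password_hash() /
 *    password_verify() needs a rehash-on-login migration of stored
 *    credentials, so it is flagged here rather than changed in place.
 *  - The expired/locked checks run before the password is verified, and the
 *    return codes distinguish "not found", "locked" and "expired". Callers
 *    should show one generic failure message to unauthenticated clients so
 *    account existence and state are not disclosed.
 *
 * @param string $username user name or e-mail address
 * @param string $password plain-text password supplied by the client
 * @return mixed true on success, false on password mismatch, or one of
 *               self::ERROR_USER_PWD_EXPIRED, self::ERROR_USER_LOCKED,
 *               self::IDENTITY_NOT_FOUND
 */
public function authenticate($username, $password)
{
    // Bound parameter: the identifier never reaches the SQL text itself.
    $userRow = \R::findOne(
        $this->_name,
        '(user_name = :un OR email = :un) AND status =1',
        array(":un" => $username)
    );

    if (!$userRow) {
        return self::IDENTITY_NOT_FOUND;
    }

    // check if password is expired or not
    $isPasswordExpired = strtotime($userRow->pwd_exp_time) - time() <= 0;
    if ($isPasswordExpired) {
        return self::ERROR_USER_PWD_EXPIRED;
    }

    // check if user is locked or not (loose compare kept: the column may
    // arrive as the string "1")
    $isUserLocked = $userRow->locked == 1;
    if ($isUserLocked) {
        return self::ERROR_USER_LOCKED;
    }

    // Compare digests with hash_equals(): the previous `==` compared two hex
    // strings loosely, so digests that look numeric (e.g. "0e" followed only
    // by digits, or all-digit values) could compare equal although they
    // differ, and the comparison was not constant-time. The casts keep a
    // NULL stored password a plain mismatch instead of a TypeError.
    $computedDigest = md5($password . $userRow->salt);
    if (!hash_equals((string) $userRow->password, $computedDigest)) {
        // NOTE(review): no failed attempt is recorded here; presumably the
        // caller increments the counter on a false return. Confirm.
        return false;
    }

    // clear invalid login attempts
    $objInvalidAttempts = new UserLoginAttempts();
    $objInvalidAttempts->clearInvalidLoginAttempts($username);

    // write user data in session
    // NOTE(review): export() appears to copy the whole row, which would
    // include the password digest and salt. Confirm and drop those fields
    // before storing. Also confirm the session id is regenerated on login
    // elsewhere.
    \utilities\Registry::setRegistry('user', $userRow->export());

    return true;
}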