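 /**
  * Authenticate a user against the 'users' table and, on success, store the
  * matched credentials value in the session (input will be escaped).
  *
  * The where-clause handed to Fari_Db::selectRow() always uses the keys
  * 'username' and 'password'; $credentialsColumn only selects which column is
  * read back and kept in $_SESSION. The password is escaped and then passed
  * through self::_encrypt() before the lookup.
  *
  * NOTE(review): the @uses line below says the stored password is sha1;
  * _encrypt() is not visible here. If that is accurate, an unsalted fast hash
  * is weak for password storage - plan a migration to password_hash() /
  * password_verify().
  * NOTE(review): $credentialsColumn reaches Fari_Db::selectRow() as a column
  * name. Pass only fixed, developer-chosen values, never request data, unless
  * selectRow() is confirmed to quote identifiers.
  *
  * @uses 'username', 'password'(sha1) in 'users' table
  *
  * @param string $username Username passed from a form
  * @param string $password Password passed from a form
  * @param string $token Token passed from a form
  * @param string $credentialsColumn Optionally specify which column to use for credentials
  * @return bool TRUE when a matching row was found and the session was populated, FALSE otherwise
  */
 public static function authenticate($username, $password, $token, $credentialsColumn = 'username')
 {
     // form fields can arrive as arrays (e.g. "password[]="); only scalar values are
     // usable credentials, and NULL means the field was not submitted at all
     if (!is_scalar($username) || !is_scalar($password)) {
         return FALSE;
     }
     // the form token has to validate before any database work is done
     if (!Fari_Token::isValid($token)) {
         return FALSE;
     }

     // escape input, add slashes and encrypt
     $username = Fari_Escape::text($username);
     $password = self::_encrypt(Fari_Escape::text($password));

     // select a matching row from a table
     $whereClause = array('username' => $username, 'password' => $password);
     $user = Fari_Db::selectRow('users', $credentialsColumn, $whereClause);

     // no row, or the requested column is missing/NULL: authentication failed
     if (!isset($user[$credentialsColumn])) {
         return FALSE;
     }

     // issue a fresh session id at the privilege change, so an id that was known
     // before login (session fixation) does not become an authenticated session;
     // skipped when no session is active or headers have already been sent
     if (session_id() !== '' && !headers_sent()) {
         session_regenerate_id(TRUE);
     }

     // create and set credentials string
     $_SESSION[self::SESSION_CREDENTIALS_STORAGE] = $user[$credentialsColumn];
     return TRUE;
 }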