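/**
 * Authenticate user (input will be escaped).
 *
 * Both credentials are escaped with Fari_Escape::text(), the password is then
 * passed through self::_encrypt(), and the pair is looked up in the 'users'
 * table. On a match the selected column value is stored in the session under
 * self::SESSION_CREDENTIALS_STORAGE.
 *
 * @uses 'username', 'password'(sha1) in 'users' table
 *
 * @param string $username Username passed from a form
 * @param string $password Password passed from a form
 * @param string $token Token passed from a form
 * @param string $credentialsColumn Optionally specify which column to use for credentials.
 *        It is handed to Fari_Db::selectRow() as a column name, so callers should pass a
 *        fixed value and never one taken from the request.
 * @return bool TRUE when a matching row was found and the session was populated, FALSE otherwise
 */
public static function authenticate($username, $password, $token, $credentialsColumn = 'username') {
    // refuse early unless both credentials are present and the form token is valid
    if (!isset($username, $password) || !Fari_Token::isValid($token)) {
        return FALSE;
    }

    // escape input, add slashes and encrypt
    // NOTE(review): the password is escaped *before* hashing; presumably stored hashes were
    // produced the same way, so this order must stay as it is for existing rows to match.
    // NOTE(review): the docblock describes the stored value as SHA-1 and self::_encrypt() is
    // not visible here; if it is a fast unsalted hash, plan a migration to
    // password_hash()/password_verify().
    $username = Fari_Escape::text($username);
    $password = self::_encrypt(Fari_Escape::text($password));

    // select a matching row from a table
    // NOTE(review): whether Fari_Db::selectRow() binds these values as parameters cannot be
    // seen from here -- confirm it does not build the query by string concatenation.
    $whereClause = array('username' => $username, 'password' => $password);
    $user = Fari_Db::selectRow('users', $credentialsColumn, $whereClause);

    // no matching row (or the requested column is missing/NULL): authentication failed
    if (!isset($user[$credentialsColumn])) {
        return FALSE;
    }

    // Rotate the session identifier at the moment of privilege change, so an identifier that
    // existed before login is not carried into the authenticated session (session fixation).
    // Best effort only: skipped when no session is active or output has already started,
    // because the new cookie could not be sent in that case.
    if (session_id() !== '' && !headers_sent()) {
        session_regenerate_id(TRUE);
    }

    // create and set credentials string
    $_SESSION[self::SESSION_CREDENTIALS_STORAGE] = $user[$credentialsColumn];

    return TRUE;
}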