Esempio n. 1
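 /**
  * Authenticate a user by login name or e-mail and open a new session.
  *
  * A session referenced by the current cookie is closed first. On success a
  * fresh token is generated, only its hash is stored in the session record,
  * and the cookie carries "<session id>-<token>". On a wrong password the
  * user's failed-attempt counter is incremented. Nothing is returned; the
  * outcome is visible through $this->user and $this->session.
  *
  * @param string $loginoremail Login name or e-mail address supplied by the client.
  * @param string $password     Plain-text password supplied by the client.
  *
  * @return void
  */
 public function login($loginoremail, $password)
 {
     if (isset($_COOKIE[$this->cookie_name])) {
         $this->logout();
     }

     $user = new User($this->db);
     $user->loadByLoginOrEmail($loginoremail);
     if (!$user->is_loaded) {
         // NOTE(review): unknown accounts return before any password hashing,
         // so response time may differ from the wrong-password path - confirm
         // whether account enumeration matters for this deployment.
         return;
     }

     // Enforce the lockout. The original only built a translated message into a
     // local array that nothing read and then verified the password anyway, so
     // the attempt limit never blocked a login. Surfacing a message to the user
     // needs a channel this method does not have.
     if ($user->val('user_failed_attempts') > $this::$max_attempts) {
         return;
     }

     if (!Authentication::verifyPassword($password, $user->val('user_password_hash'))) {
         $user->data['user_failed_attempts'] += 1;
         $user->save();
         return;
     }

     // success - create new session
     // NOTE(review): user_failed_attempts is not reset here; confirm that
     // updateLastAccess() or the password-reset flow clears it.
     $this->user = $user;
     $this->updateLastAccess();
     $token = $this->generateToken();
     // Only the hash is persisted, so a leaked session table does not yield usable tokens.
     $token_hash = Authentication::hashPassword($token);
     $expires = time() + Authentication::$session_expire;

     $session = new UserSession($this->db);
     $session->data['user_session_token_hash'] = $token_hash;
     $session->data['user_session_user_id'] = $this->user->val('user_id');
     $session->data['user_session_expires'] = SqlQuery::mysqlTimestamp($expires);
     $session->save();

     // HttpOnly keeps the session token out of reach of page scripts; Secure is
     // set whenever the request itself arrived over HTTPS, so plain-HTTP
     // deployments keep working as before. Behind a TLS-terminating proxy
     // $_SERVER['HTTPS'] may be unset - set Secure explicitly there.
     $is_https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
     setcookie(
         $this->cookie_name,
         $session->val('user_session_id') . "-" . $token,
         $expires,
         '/',
         '',
         $is_https,
         true
     );
     $this->session = $session;
 }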