public static function isLogin($username, $password) { $safe_username = safe_input::all($username); if (user::doesUsernameExist($username)) { $user_info = user::getUserByUsername($safe_username); $hashed_password = md5(md5($password) . md5($user_info['salt'])); if (strcmp($hashed_password, $user_info['password']) == 0) { return true; } else { return false; //incorrect password } } else { return false; //username doesn't exist } }