public static function authenticate($username, $password)
{
if (empty($username) || empty($password)) {
return NULL;
}
//TODO sql escape
$SQL = "SELECT * FROM " . TBL_ADMIN_USERS . " WHERE userName='******' AND userPassword='******'";
$query = mysql_query($SQL, DBUtils::getManualConnection());
if (empty($query)) {
return NULL;
}
while ($db_field = mysql_fetch_assoc($query)) {
$admin_user = AdminUsersModel::createAdminUserWithSQL($db_field);
if (!empty($admin_user)) {
return $admin_user;
}
}
return null;
}