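/**
 * Authenticate a user by login name or e-mail and open a new session.
 *
 * Any session referenced by an existing cookie is logged out first. On
 * success a random token is issued: its hash is stored in a UserSession
 * row and the raw token is sent to the browser in the session cookie as
 * "<user_session_id>-<token>". On a wrong password the user's
 * `user_failed_attempts` counter is incremented and saved.
 *
 * The method returns nothing; after a successful login `$this->user` and
 * `$this->session` are set.
 *
 * @param string $loginoremail Login name or e-mail, passed to User::loadByLoginOrEmail().
 * @param string $password     Password candidate, checked with Authentication::verifyPassword().
 */
public function login($loginoremail, $password)
{
    // Drop whatever session the presented cookie refers to before authenticating again.
    if (isset($_COOKIE[$this->cookie_name])) {
        $this->logout();
    }

    $user = new User($this->db);
    $user->loadByLoginOrEmail($loginoremail);
    if (!$user->is_loaded) {
        return;
    }

    // Enforce the lockout BEFORE the password is checked. Previously this branch
    // only recorded a message and fell through to verifyPassword(), so an account
    // over the limit could still be logged into and guessing was never throttled.
    if ($user->val('user_failed_attempts') > $this::$max_attempts) {
        // NOTE(review): $messages is local to this method and is neither returned
        // nor stored here, so the caller never sees this text - confirm where it
        // is meant to be surfaced.
        $messages[] = t('Max. number of login attempts exceeded. Please ask for new password.');
        return;
    }

    if (!Authentication::verifyPassword($password, $user->val('user_password_hash'))) {
        // NOTE(review): read-modify-write on the counter; concurrent failed logins
        // may under-count unless save() is atomic - confirm.
        $user->data['user_failed_attempts'] += 1;
        $user->save();
        return;
    }

    // Success - create a new session.
    $this->user = $user;
    $this->updateLastAccess();

    // Only the hash of the token is persisted; the raw token exists solely in the cookie.
    $token = $this->generateToken();
    $token_hash = Authentication::hashPassword($token);
    $expires = time() + Authentication::$session_expire;

    $session = new UserSession($this->db);
    $session->data['user_session_token_hash'] = $token_hash;
    $session->data['user_session_user_id'] = $this->user->val('user_id');
    $session->data['user_session_expires'] = SqlQuery::mysqlTimestamp($expires);
    $session->save();

    // Send the Secure flag whenever this request itself arrived over HTTPS. Behind a
    // TLS-terminating proxy $_SERVER['HTTPS'] may be unset, in which case the flag
    // stays off as before; such deployments should force it on.
    $is_https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

    // HttpOnly keeps the session token out of reach of page scripts. The call was
    // previously made with secure=false and httponly left at its default (false).
    // NOTE(review): no SameSite attribute is set; the options-array form of
    // setcookie() (PHP 7.3+) allows it - confirm the minimum PHP version first.
    setcookie(
        $this->cookie_name,
        $session->val('user_session_id') . "-" . $token,
        $expires,
        '/',
        '',
        $is_https,
        true
    );
    $this->session = $session;
}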