/**
* Perform an authentication check, start a new session
* @param string $username
* @param string $password
* @return string the session key
*/
public function authenticate($username, $password)
{
$person = new person();
$sess = new session();
$row = $person->get_valid_login_row($username, $password);
if ($row) {
$sess->Start($row, false);
$sess->UseGet();
$sess->Save();
return $sess->GetKey();
} else {
die("Authentication Failed(1).");
}
}
} else {
if (isset($_GET["forward"])) {
$url = $_GET["forward"];
} else {
$url = $sess->GetUrl($TPL["url_alloc_home"]);
}
}
// If we already have a session
if ($sess->Started()) {
alloc_redirect($url);
exit;
// Else log the user in
} else {
if ($_POST["login"]) {
$person = new person();
$row = $person->get_valid_login_row($_POST["username"], $_POST["password"]);
if ($row) {
$sess->Start($row);
$q = prepare("UPDATE person SET lastLoginDate = '%s' WHERE personID = %d", date("Y-m-d H:i:s"), $row["personID"]);
$db = new db_alloc();
$db->query($q);
if ($sess->TestCookie()) {
$sess->UseCookie();
$sess->SetTestCookie($_POST["username"]);
} else {
$sess->UseGet();
}
$sess->Save();
alloc_redirect($url);
}
$error = "Invalid username or password.";
