/** * Attempts to authenticate * @param UserCredentials $uc * @return boolean */ public function doLogin(UserCredentials $uc, \model\RegisterModel $regModel) { $this->tempCredentials = $this->tempDAL->load($uc->getName()); $loginByUsernameAndPassword = false; $userData = $regModel->getUser($uc->getName()); if ($userData) { $userDataSep = explode("::", $userData); $pwDecrypt = password_verify(trim($uc->getPassword()), trim($userDataSep[1])); $loginByUsernameAndPassword = strcmp($uc->getName(), $userDataSep[0]) == 0 && $pwDecrypt; // $loginByUsernameAndPassword = (strcmp($uc->getName(), $userDataSep[0]) == 0) && (strcmp(trim($uc->getPassword()), trim($userDataSep[1])) == 0); } else { $loginByUsernameAndPassword = false; } $loginByTemporaryCredentials = $this->tempCredentials != null && $this->tempCredentials->isValid($uc->getTempPassword()); if ($loginByUsernameAndPassword || $loginByTemporaryCredentials) { $user = new LoggedInUser($uc); $_SESSION[self::$sessionUserLocation] = $user; return true; } return false; }