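/**
 * Performs authorization based on username and password.
 *
 * Hashes "username:password" through Account::HashPassword('sha1', ...) and
 * looks for a users row whose username and stored password hash both match.
 * On a match, a character is pinned for the account when none is pinned yet
 * and the account's access level is written to $_SESSION['access_role'].
 *
 * SECURITY NOTE(review): the 'sha1' argument suggests the stored credential is
 * a SHA-1 digest keyed only by the username. If so, it is a fast hash that is
 * cheap to brute-force offline should the users table leak. Moving to
 * password_hash()/password_verify() requires re-hashing stored credentials
 * (e.g. on next successful login), so it is not changed here. Confirm against
 * Account::HashPassword.
 *
 * NOTE(review): no failed-attempt throttling or lockout is visible in this
 * method. Confirm the caller rate-limits login attempts.
 *
 * @param $Username
 * @param $Password
 *
 * @return bool true when the credentials match a users row, false otherwise
 */
public static function Authorize($Username, $Password)
{
    $StringToHash = $Username . ':' . $Password;
    $HashedPassword = Account::HashPassword('sha1', $StringToHash);

    // Named placeholders keep both credentials out of the SQL text.
    $Statement = Account::$DBConnection->prepare('SELECT id, username, access_level, pinned_character FROM users WHERE username = :user AND password = :hashedpassword');
    $Statement->bindValue(':user', $Username);
    $Statement->bindValue(':hashedpassword', $HashedPassword);
    $Statement->execute();
    $Result = $Statement->fetch(PDO::FETCH_ASSOC);

    // fetch() returns false when no row matches (or the query failed); test for
    // that before indexing so a failed login does not index into a boolean.
    if (!is_array($Result) || is_null($Result['username'])) {
        return false;
    }

    // Loose comparisons are kept on purpose: the return contracts of
    // Text::IsNull() and Characters::PickRandomChar() are not visible here.
    if ($Result['pinned_character'] == null || Text::IsNull($Result['pinned_character'])) {
        $CharID = Characters::PickRandomChar($Result['id']);
        if ($CharID != false) {
            Account::PinCharacter($Result['username'], $CharID);
        }
    }

    // Issue a fresh session ID at the privilege change so an ID that existed
    // before login is not carried into the authenticated session (session
    // fixation). Guarded so it is a no-op when no session is active or the
    // cookie header can no longer be sent.
    if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
        session_regenerate_id(true);
    }

    $_SESSION['access_role'] = $Result['access_level'];

    return true; // Successful authorization
}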