/** * Checks if password is correct * * @param $username input username * @param $password input password * @return bool true if password is correct for $usre */ private function correctPassword($username, $password) { $sql = "SELECT password FROM " . $this->DB_TABLE . " WHERE username=" . $this->pdo->quote($username); $query = $this->pdo->prepare($sql); $query->execute(); $results = $query->fetchColumn(); if ($results == Encrypter::getEncryptedPassword($password)) { return true; } else { return false; } }