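/**
 * Checks the password for the given user account.
 *
 * Selects the rows of <prefix>faquserlogin whose login equals $login and
 * returns true as soon as one stored hash equals the hash of $password
 * computed with the stored login as salt. When the configuration value
 * "security.forcePasswordUpdate" is set and the password matches only via
 * checkEncryptedPassword(), the password is stored again through
 * changePassword() and the result of that call is returned.
 *
 * Error messages are appended to $this->errors.
 *
 * @param string $login        Login name
 * @param string $password     Password to verify
 * @param array  $optionalData Optional data (not read by this method)
 *
 * @return boolean True if the password is correct, otherwise false
 */
public function checkPassword($login, $password, array $optionalData = null)
{
    // The login is placed into the SQL text itself, so the escape() call and
    // the quoted '%s' placeholder must stay together: without the placeholder
    // the escaped login is silently dropped by sprintf() and the query no
    // longer filters on the account being checked.
    // NOTE(review): a bound parameter would be preferable if the database
    // layer offers one - not visible from this method.
    $query = sprintf(
        "\n SELECT\n login, pass\n FROM\n %sfaquserlogin\n WHERE\n login = '%s'",
        PMF_Db::getTablePrefix(),
        $this->db->escape($login)
    );

    $result = $this->db->query($query);
    $error = $this->db->error();

    if (strlen($error) > 0) {
        // NOTE(review): the raw database error text ends up in $this->errors;
        // callers should log it rather than render it on the login page.
        $this->errors[] = PMF_User::ERROR_USER_NOT_FOUND . 'error(): ' . $error;

        return false;
    }

    $numRows = $this->db->numRows($result);

    if ($numRows < 1) {
        // NOTE(review): "not found" and "incorrect password" are recorded as
        // different errors; showing that difference to the person logging in
        // reveals which logins exist, so the UI should use one generic message.
        $this->errors[] = PMF_User::ERROR_USER_NOT_FOUND;

        return false;
    }

    // A non-unique login is recorded as an error, but the check continues.
    if ($numRows > 1) {
        $this->errors[] = PMF_User::ERROR_USER_LOGIN_NOT_UNIQUE;
    }

    // With several matching rows, a single valid password is sufficient.
    while ($user = $this->db->fetchArray($result)) {
        // Password matches the old encryption but not the current one:
        // store it again and return the outcome of that update.
        if ($this->_config->get('security.forcePasswordUpdate')) {
            if ($this->checkEncryptedPassword($user['pass'], $password)
                && $this->encContainer->setSalt($user['login'])->encrypt($password) !== $user['pass']
            ) {
                return $this->changePassword($login, $password);
            }
        }

        // NOTE(review): === on hash strings is not a constant-time comparison;
        // hash_equals() is the safer choice where the minimum supported PHP
        // version provides it (PHP 5.6+).
        if ($user['pass'] === $this->encContainer->setSalt($user['login'])->encrypt($password)) {
            return true;
        }
    }

    $this->errors[] = PMF_User::ERROR_USER_INCORRECT_PASSWORD;

    return false;
}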