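/**
 * Try to log in with the given credentials.
 *
 * The username is untrusted request input. It is bound as a statement
 * parameter and is never concatenated into the SQL text.
 *
 * @param string $username login name as submitted by the client
 * @param string $password plain-text password as submitted by the client
 * @return boolean true if the account was accepted and the session was set, false otherwise
 */
public function tryToLogin($username, $password) {
    // A posted change-password hash is handled before the login attempt itself.
    if (isset($_POST['chpw_hash'])) {
        AccountHandler::tryToSetNewPassword();
    }

    // The lookup runs between stopAddingAccountID()/startAddingAccountID(), as before
    // (presumably because no account is known yet at this point - confirm against DB).
    DB::getInstance()->stopAddingAccountID();

    // SQL injection fix: the username used to be spliced into the query string inside
    // double quotes, so a quote character in the login field changed the statement.
    // NOTE(review): assumes DB::getInstance() exposes PDO's prepare()/execute(), which
    // the existing query()->fetch() chain suggests - confirm.
    $Statement = DB::getInstance()->prepare(
        'SELECT * FROM `' . PREFIX . 'account` WHERE `username`=:username LIMIT 1'
    );
    $Statement->execute(array(':username' => $username));
    $Account = $Statement->fetch();

    DB::getInstance()->startAddingAccountID();

    // NOTE(review): unknown user and wrong password raise different errors. If these
    // reach the client as different messages, the login form discloses which usernames
    // exist - confirm how the two errors are rendered.
    if (!$Account) {
        $this->throwErrorForWrongUsername();

        return false;
    }

    // A non-empty activation hash means the account has not been activated yet.
    if (strlen($Account['activation_hash']) > 0) {
        $this->throwErrorForActivationNeeded();

        return false;
    }

    if (!AccountHandler::comparePasswords($password, $Account['password'], $Account['salt'])) {
        $this->throwErrorForWrongPassword();

        return false;
    }

    $this->setAccount($Account);
    $this->setSession();

    // Set language for user if not exists
    if (empty($Account['language'])) {
        $this->updateLanguage();
    }

    // An empty salt marks a legacy hash (md5, per the original comment); it is replaced
    // now, while the verified plain-text password is available.
    // NOTE(review): a salted fast hash such as SHA-256 is still weak for password storage;
    // moving AccountHandler to password_hash()/password_verify() would be the durable fix.
    if (strlen($Account['salt']) < 1) {
        AccountHandler::setNewPassword($username, $password);
    }

    return true;
}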
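<div class="w50" id="login-window">
<?php
// The password-reset token comes from the query string and is attacker-controllable,
// so it is never echoed raw (reflected XSS). Non-string input such as chpw[]=x is
// treated as absent.
$chpwToken = (isset($_GET['chpw']) && is_string($_GET['chpw'])) ? $_GET['chpw'] : '';
?>
    <form action="login.php?chpw=<?php echo htmlspecialchars(rawurlencode($chpwToken), ENT_QUOTES, 'UTF-8'); ?>" method="post">
<?php
$errors = AccountHandler::tryToSetNewPassword();
$user = AccountHandler::getUsernameForChangePasswordHash();
?>
        <fieldset>
            <legend><?php _e('Set new password'); ?></legend>
<?php if ($user) { ?>
<?php
// Both hidden fields are HTML-attribute escaped (assumes the page is served as UTF-8).
// NOTE(review): hidden fields can be edited by the client. The handler should resolve
// the account from chpw_hash and not trust chpw_username - confirm in
// AccountHandler::tryToSetNewPassword().
?>
            <input type="hidden" name="chpw_hash" value="<?php echo htmlspecialchars($chpwToken, ENT_QUOTES, 'UTF-8'); ?>">
            <input type="hidden" name="chpw_username" value="<?php echo htmlspecialchars((string) $user, ENT_QUOTES, 'UTF-8'); ?>">
            <div class="w100">
                <label for="chpw_name"><?php _e('Username'); ?>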