private function _checkAuth()
{
if (empty($_POST['username']) === true or empty($_POST['password']) === true) {
return false;
}
$username = TextMan::cleanSql($_POST['username']);
$password = TextMan::cleanSql($_POST['password']);
$this->db->runSelect('users', array('id', 'password', 'hash'), 'LOWER( `username` ) = \'' . strtolower($username) . '\'');
if ($this->db->runCountRows() !== 1) {
return false;
}
$fetch = $this->db->runSingleFetch();
if (TextSec::genPassHash($password, $fetch['hash']) !== $fetch['password']) {
return false;
}
set_cookie_sane('userid', $fetch['id'], 86400);
set_cookie_sane('password', $fetch['password'], 86400);
header('Location: ./');
}
public static function genPassHash($pass, $hash)
{
return TextSec::hashString($pass, $hash);
}
