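/**
 * Perform login.
 *
 * Looks the user up by username, verifies the password, upgrades an
 * outdated password hash, rejects accounts that are still in the
 * unverified group, then issues the authentication cookie.
 *
 * When the reason for a failure is known (unknown user, wrong password,
 * account awaiting validation) it is stored in $this->oError. Database
 * failures return false without setting a message in this method.
 *
 * @param string $sUsername Login name as submitted by the client (untrusted).
 * @param string $sPassword Clear-text password as submitted by the client.
 * @param boolean $save_pass When true, the cookie uses the "remember" lifetime instead of the visit timeout.
 * @return boolean True on successful login, false otherwise.
 */
public function login($sUsername, $sPassword, $save_pass = false)
{
    # The username is client-supplied, so it is escaped before being placed
    # inside the quoted SQL literal.
    $sQuery =
        'SELECT id, group_id, password, salt ' .
        'FROM ' . $this->t_users . ' ' .
        'WHERE username=\'' . $this->oDb->escapeStr($sUsername) . '\' ';

    $rs = $this->oDb->select($sQuery);

    if ($rs === false) {
        return false;
    }

    # NOTE(review): an unknown user and a wrong password set different
    # messages, and the unknown-user path returns before any hash is
    # verified. If these messages reach the client, account names can be
    # told apart; confirm the caller shows a single generic message.
    # Failed attempts are not recorded or throttled in this method.
    if ($rs->isEmpty()) {
        $this->oError->set(__('c_c_auth_unknown_user'));
        return false;
    }

    $sPasswordHash = $rs->password;

    if (!password::verify($sPassword, $sPasswordHash)) {
        $this->oError->set(__('c_c_auth_wrong_password'));
        return false;
    }

    # The password is known to be correct here, so the stored hash can be
    # upgraded when it no longer matches PASSWORD_DEFAULT.
    if (password::needs_rehash($sPasswordHash, PASSWORD_DEFAULT)) {
        # NOTE(review): the result of password::hash() is stored unchecked;
        # confirm it cannot return false or an empty string on failure.
        $sPasswordHash = password::hash($sPassword, PASSWORD_DEFAULT);

        # The id is concatenated unquoted, so it is forced to an integer
        # rather than trusted to be numeric.
        $sQuery =
            'UPDATE ' . $this->t_users . ' SET ' .
            'password=\'' . $this->oDb->escapeStr($sPasswordHash) . '\' ' .
            'WHERE id=' . (int) $rs->id;

        if (!$this->oDb->execute($sQuery)) {
            return false;
        }
    }

    # Loose comparison kept on purpose: the column value presumably arrives
    # as a string from the database driver (confirm before tightening).
    if ($rs->group_id == self::unverified_group_id) {
        $this->oError->set(__('c_c_auth_account_awaiting_validation'));
        return false;
    }

    # Remove this user's guest entry from the online list
    # NOTE(review): the row is selected by http::realIP(); confirm that
    # helper only trusts forwarding headers set by known proxies.
    $sQuery =
        'DELETE FROM ' . $this->t_online . ' ' .
        'WHERE ident=\'' . $this->oDb->escapeStr(http::realIP()) . '\'';

    if (!$this->oDb->execute($sQuery)) {
        return false;
    }

    $iTsExpire = time() + ($save_pass ? $this->iVisitRememberTime : $this->iVisitTimeout);

    # NOTE(review): the cookie is only base64-encoded, so the stored password
    # hash is handed to the client and to anything that can read the cookie.
    # The final field is a plain SHA-1 over salt, hash and
    # util::hash(expiry, salt), not an HMAC; util::hash() is not visible
    # here, so whether a server-side secret is involved needs confirming.
    # An opaque random token kept server-side, or an HMAC keyed with a
    # server-side secret, would avoid exposing the hash. The format is left
    # unchanged because the code that validates the cookie must change with
    # it. Also confirm setAuthCookie() sets the HttpOnly and Secure flags.
    $sCookieCheck = sha1($rs->salt . $sPasswordHash . util::hash($iTsExpire, $rs->salt));
    $sCookieValue = base64_encode($rs->id . '|' . $sPasswordHash . '|' . $iTsExpire . '|' . $sCookieCheck);

    $this->setAuthCookie($sCookieValue, $iTsExpire);

    # log admin
    if (isset($this->okt->logAdmin)) {
        $this->okt->logAdmin->add(array(
            'user_id' => $rs->id,
            'username' => $sUsername,
            'code' => 10,
            'message' => __('c_c_log_admin_message_by_form')
        ));
    }

    # -- CORE TRIGGER : userLogin
    $this->okt->triggers->callTrigger('userLogin', $this->okt, $rs);

    return true;
}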