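/**
 * \brief Logs in the user.
 *
 * Looks the account up in `_kusers`, checks the password, stores the user id in the
 * session and, when asked to, sets the two persistent-login cookies.
 *
 * \param mixed $id A string when the identifier is an e-mail address. Otherwise an array such as
 *        array('nickname', $_POST['nick']) to look the user up by another attribute. The attribute
 *        name ($id[0]) must be a key of $this->attributes, which keeps the column name on an allow-list.
 * \param string $password The clear-text password supplied by the user.
 * \param bool $persist Whether to set the persistent-login cookies. If TRUE, the site has to tell
 *        its visitors that it uses cookies.
 * \return bool FALSE if the lookup fails, no user matches or the password is wrong;
 *         otherwise the value returned by load().
 * \throws \Exception If $id is an array and $id[0] is not a key of $this->attributes.
 */
public final function login($id, $password, $persist = true)
{
    $field = '_email';
    $value = $id;
    if (is_array($id)) {
        // The column name is caller-supplied: accept it only if it names a known attribute.
        if (!isset($this->attributes[$id[0]])) {
            throw new \Exception('The identifier ' . $id[0] . ' doesn\'t exist.');
        }
        $field = $id[0];
        $value = isset($id[1]) ? $id[1] : null;
    }

    // Request parameters can arrive as arrays (e.g. `nick[]=...`). How select() treats an
    // array value is not visible here, so only a single scalar identifier and a scalar
    // password are accepted; anything else is a failed login.
    if (!is_scalar($value) || !is_scalar($password)) {
        return false;
    }

    $rows = self::$_db->select('_kusers', array('_id', '_key', '_pw'), array('AND' => array($field => $value)));
    // FALSE is the failure value the original code checked for; an unknown identifier
    // presumably comes back as an empty result, which must not reach $rows[0] below.
    if ($rows === false || !isset($rows[0])) {
        return false;
    }
    $user = $rows[0];

    // NOTE(review): comparing the stored value with a freshly computed hash implies that
    // Secure::hash() is deterministic. Confirm it is a salted, slow password hash and that
    // Secure::sameHash() compares in constant time.
    if (!\Kazoo\Secure::sameHash($user['_pw'], \Kazoo\Secure::hash($password))) {
        return false;
    }

    // Issue a fresh session id at the privilege change so that an id known before the login
    // (session fixation) does not become an authenticated session.
    if (session_id() !== '' && !headers_sent()) {
        session_regenerate_id(true);
    }

    $this->attributes['_id'] = (int) $user['_id'];
    $_SESSION['_id'] = $this->attributes['_id'];

    if ($persist) {
        $expires = time() + self::$_conf['_user_cookie_duration'];
        // Mark the cookies Secure whenever the request itself came over HTTPS, so the
        // long-lived login tokens are never sent in clear text. Plain-HTTP sites keep the
        // previous behaviour (flag off). HttpOnly stays on.
        $secure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';

        // NOTE(review): the encryption passphrases below are literals in the source. They
        // should come from deployment configuration (the code that decrypts these cookies
        // must change with them). Also confirm that Secure::encrypt() is authenticated, so
        // that a modified cookie is rejected rather than decrypted to another id.
        setcookie(
            self::$_conf['_user_id_cookie_name'],
            \Kazoo\Secure::encrypt($this->attributes['_id'], '_usrpaswd42'),
            $expires,
            '/',
            '',
            $secure,
            true
        );
        setcookie(
            self::$_conf['_user_key_cookie_name'],
            \Kazoo\Secure::encrypt($user['_key'], '_usrpaswdchic' . $this->attributes['_id']),
            $expires,
            '/',
            '',
            $secure,
            true
        );
    }

    return $this->load();
}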