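/**
 * Try to log in with the given credentials.
 *
 * Runs the password-reset handler first when `$_POST['chpw_hash']` is present, then looks the
 * account up by username and checks the password through AccountHandler::comparePasswords().
 * On success the account and the session are set on this handler.
 *
 * @param string $username login name as submitted by the client (untrusted)
 * @param string $password plain-text password as submitted by the client
 * @return boolean true when the login succeeded, false otherwise
 */
public function tryToLogin($username, $password) {
    if (isset($_POST['chpw_hash'])) {
        AccountHandler::tryToSetNewPassword();
    }

    // Presumably switches off the wrapper's automatic account-id scoping while nobody is
    // logged in; the behaviour is defined in the DB wrapper, outside this block.
    DB::getInstance()->stopAddingAccountID();

    // $username arrives straight from the login request. It is bound as a parameter instead
    // of being concatenated into the statement, which left the lookup open to SQL injection.
    // NOTE(review): assumes DB::getInstance() exposes PDO's prepare()/execute(), as the
    // query()->fetch() chain used elsewhere suggests - confirm against the DB wrapper.
    $Statement = DB::getInstance()->prepare(
        'SELECT * FROM `' . PREFIX . 'account` WHERE `username` = :username LIMIT 1'
    );
    $Statement->execute(array(':username' => $username));
    $Account = $Statement->fetch();

    DB::getInstance()->startAddingAccountID();

    if (!$Account) {
        // NOTE(review): unknown user and wrong password are reported through different
        // handlers. If those produce different client-visible messages, the login form
        // reveals which usernames exist; consider one generic failure message.
        $this->throwErrorForWrongUsername();

        return false;
    }

    // A non-empty activation hash means the account has not been activated yet.
    if (strlen($Account['activation_hash']) > 0) {
        $this->throwErrorForActivationNeeded();

        return false;
    }

    if (!AccountHandler::comparePasswords($password, $Account['password'], $Account['salt'])) {
        $this->throwErrorForWrongPassword();

        return false;
    }

    $this->setAccount($Account);
    $this->setSession();

    // Set language for user if not exists
    if (empty($Account['language'])) {
        $this->updateLanguage();
    }

    // An empty salt marks a legacy record: replace the old md5 hash with the new sha256 one
    // now that the plain-text password is available.
    // NOTE(review): the hashing itself lives in AccountHandler; a password-specific KDF
    // (password_hash()/password_verify()) would resist offline guessing better than a
    // salted fast hash.
    if (strlen($Account['salt']) < 1) {
        AccountHandler::setNewPassword($username, $password);
    }

    return true;
}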
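/**
 * Try to change the password of the logged-in account.
 *
 * Reads `old_pw`, `new_pw` and `new_pw_repeat` from $_POST, verifies the current password
 * against the stored hash and, when the new password is long enough, stores it through
 * AccountHandler::setNewPassword(). The outcome is reported via ConfigTabs::addMessage().
 * The message strings are translation keys and are kept byte-for-byte.
 */
private function tryToChangePassword() {
    // Accept only string fields: a missing key or an array value (e.g. `new_pw[]=x`) would
    // otherwise reach strlen() and the password comparison as a non-string.
    $oldPw = (isset($_POST['old_pw']) && is_string($_POST['old_pw'])) ? $_POST['old_pw'] : null;
    $newPw = (isset($_POST['new_pw']) && is_string($_POST['new_pw'])) ? $_POST['new_pw'] : null;
    $newPwRepeat = (isset($_POST['new_pw_repeat']) && is_string($_POST['new_pw_repeat'])) ? $_POST['new_pw_repeat'] : null;

    // Strict comparison: with `==` two different numeric-looking strings such as "1000" and
    // "1e3" compare equal, so the confirmation field did not reliably confirm anything.
    if ($newPw === null || $newPw !== $newPwRepeat) {
        ConfigTabs::addMessage(HTML::error(__('The passwords have to be the same.')));

        return;
    }

    // The id comes from the session handler; the int cast keeps the concatenated value
    // numeric whatever getId() returns.
    $Account = DB::getInstance()->query(
        'SELECT `password`, `salt` FROM `' . PREFIX . 'account`' . ' WHERE id = ' . (int)SessionAccountHandler::getId()
    )->fetch();

    // A missing row or a missing old password is treated like a wrong current password.
    if ($oldPw === null || !$Account || !AccountHandler::comparePasswords($oldPw, $Account['password'], $Account['salt'])) {
        ConfigTabs::addMessage(HTML::error(__('You current password is wrong.')));

        return;
    }

    // strlen() counts bytes, so multi-byte characters count more than once towards the minimum.
    if (strlen($newPw) < AccountHandler::$PASS_MIN_LENGTH) {
        ConfigTabs::addMessage(HTML::error(sprintf(__('The password has to contain at least %s characters.'), AccountHandler::$PASS_MIN_LENGTH)));

        return;
    }

    // NOTE(review): nothing in this block ends other active sessions of the account after
    // the change; check whether setNewPassword() takes care of that.
    AccountHandler::setNewPassword(SessionAccountHandler::getUsername(), $newPw);
    ConfigTabs::addMessage(HTML::okay(__('Your password has been changed.')));
}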