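/**
  * Try to log in with the given credentials.
  * @param string $username account name to look up
  * @param string $password password to check against the stored hash
  * @return boolean true if the login succeeded, false otherwise
  */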
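 public function tryToLogin($username, $password)
 {
     // A submitted password-reset form is processed before the login attempt.
     if (isset($_POST['chpw_hash'])) {
         AccountHandler::tryToSetNewPassword();
     }

     // $username reaches this query before any authentication has happened, so
     // it is bound as a parameter instead of being concatenated into the SQL
     // text (the original string-built query was injectable).
     // NOTE(review): assumes DB::getInstance() returns a PDO-compatible handle,
     // as the original query()->fetch() chain suggests; confirm prepare() is available.
     $Database = DB::getInstance();
     $Database->stopAddingAccountID();
     $Statement = $Database->prepare('SELECT * FROM `' . PREFIX . 'account` WHERE `username`=:username LIMIT 1');
     $Statement->execute(array(':username' => $username));
     $Account = $Statement->fetch();
     $Database->startAddingAccountID();

     if (!$Account) {
         // NOTE(review): unknown username and wrong password take different
         // error paths; if the resulting messages differ, a client can tell
         // which account names exist. Consider one generic message.
         $this->throwErrorForWrongUsername();
         return false;
     }

     // A non-empty activation hash means the account is not activated yet.
     if (strlen($Account['activation_hash']) > 0) {
         $this->throwErrorForActivationNeeded();
         return false;
     }

     if (!AccountHandler::comparePasswords($password, $Account['password'], $Account['salt'])) {
         $this->throwErrorForWrongPassword();
         return false;
     }

     $this->setAccount($Account);
     $this->setSession();

     // Set language for user if it does not exist yet.
     if (empty($Account['language'])) {
         $this->updateLanguage();
     }

     // An empty salt marks a legacy md5 hash: re-hash the just-verified
     // password (sha256 per the original comment) so the md5 value is replaced.
     if (strlen($Account['salt']) < 1) {
         AccountHandler::setNewPassword($username, $password);
     }

     return true;
 }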
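<div class="w50" id="login-window">
<?php
// The reset hash is read straight from the query string, so it is untrusted.
// Only a string value is accepted (a missing or array-valued parameter becomes
// ''), and it is URL-encoded for the query component, then HTML-escaped for the
// attribute context before being echoed.
// NOTE(review): the hidden chpw_hash and chpw_username inputs further down this
// template echo $_GET['chpw'] and $user without escaping; they need
// htmlspecialchars(..., ENT_QUOTES, 'UTF-8') as well.
$chpwHash = (isset($_GET['chpw']) && is_string($_GET['chpw'])) ? $_GET['chpw'] : '';
?>
	<form action="login.php?chpw=<?php 
echo htmlspecialchars(rawurlencode($chpwHash), ENT_QUOTES, 'UTF-8');
?>
" method="post">

<?php 
// Process a submitted reset form (if any) and resolve the account the hash
// belongs to; $user decides below whether the form fields are rendered.
$errors = AccountHandler::tryToSetNewPassword();
$user = AccountHandler::getUsernameForChangePasswordHash();
?>

		<fieldset>
			<legend><?php 
_e('Set new password');
?>
</legend>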
		<?php 
if ($user) {
    ?>
			<input type="hidden" name="chpw_hash" value="<?php 
    echo $_GET['chpw'];
    ?>
">
			<input type="hidden" name="chpw_username" value="<?php 
    echo $user;
    ?>
">
			<div class="w100">
				<label for="chpw_name"><?php 
    _e('Username');
    ?>