/**
 * Login the user with the given credentials.
 * Will return a boolean that indicates if the user is logged in.
 *
 * On success a row is written to users_sessions and the backend session flags are set;
 * on failure only the backend flags are cleared (the PHP session itself is kept).
 *
 * @return bool
 * @param string $login The users login.
 * @param string $password The password provided by the user.
 */
public static function loginUser($login, $password)
{
    // normalise both inputs to strings
    $login = (string) $login;
    $password = (string) $password;

    // database handle (write connection)
    $db = BackendModel::getDB(true);

    // derive the stored form of the password; the hashing scheme lives in BackendAuthentication
    $hashedPassword = BackendAuthentication::getEncryptedPassword($login, $password);

    // look the user up by e-mail + stored password; only active, non-deleted users match
    // NOTE(review): the match is plain equality inside the query, so it is only as strong as
    // the scheme behind getEncryptedPassword() — review that scheme separately.
    $query = 'SELECT u.id FROM users AS u WHERE u.email = ? AND u.password = ? AND u.active = ? AND u.deleted = ? LIMIT 1';
    $userId = (int) $db->getVar($query, array($login, $hashedPassword, 'Y', 'N'));

    // no matching row: clear the backend flags but keep the session, site data may live in it
    if ($userId === 0) {
        SpoonSession::set('backend_logged_in', false);
        SpoonSession::set('backend_secret_key', '');

        return false;
    }

    // valid user: purge stale sessions before registering this one
    self::cleanupOldSessions();

    // NOTE(review): the session id is used as-is and not regenerated at login, so an id that
    // existed before authentication is carried into the authenticated session and the secret
    // key is derived from it — consider regenerating the id here (check SpoonSession for the supported way).
    $session = array(
        'user_id' => $userId,
        'secret_key' => BackendAuthentication::getEncryptedString(SpoonSession::getSessionId(), $userId),
        'session_id' => SpoonSession::getSessionId(),
        'date' => BackendModel::getUTCDate(),
    );

    // persist the session row
    $db->insert('users_sessions', $session);

    // flag the session as logged in and keep the secret for later verification
    SpoonSession::set('backend_logged_in', true);
    SpoonSession::set('backend_secret_key', $session['secret_key']);

    return true;
}