public static function login($_login, $_password) { // retrieve hash for `$_login` user with SQL query $user = DB::Prepare("SELECT `id`, `login`, `password`, `email` FROM users WHERE `login` = :login;", array('login' => $_login)); if (!is_array($user)) { return false; } $hash = $user['password']; if (self::check_password($hash, $_password)) { // store session $_SESSION = array(); $_SESSION['logged'] = true; $_SESSION['ip'] = $_SERVER['REMOTE_ADDR']; $_SESSION['token'] = csrf::generate_token(); // remove password from $user unset($user['password']); $_SESSION['user'] = $user; return true; } return false; }