/**
 * Verify an email/password pair against the stored user record.
 *
 * Both failure paths queue the identical 'Email and password do not match'
 * message on the util service, so the message text itself does not reveal
 * whether the email is registered.
 *
 * NOTE(review): the unknown-email path returns before checkHash() is called,
 * so the two failure paths probably differ in response time. If account
 * enumeration is in scope, run a comparison of equal cost on that path too.
 * Confirm what the security service offers for this.
 *
 * NOTE(review): no attempt throttling or lockout is visible in this method;
 * presumably the caller handles it. Verify.
 *
 * @param string $email    address used to look up the account
 * @param string $password plaintext password submitted by the client
 * @return object|bool the matching user record on success, FALSE otherwise
 */
public function authorizeLogin($email, $password)
{
    $messages = $this->getService('util');

    // Fetch the first record for this email; a missing record or an email
    // field that fails the valid() check is treated as a failed login.
    $account = \Db\Sql\Users::findByEmail($email)->getFirst();
    $hasUsableAccount = $account && valid($account->email, STRING);
    if (!$hasUsableAccount) {
        $messages->addMessage('Email and password do not match', ERROR);
        return false;
    }

    // Let the security service compare the submitted plaintext with the
    // password hash stored on the record.
    $hasher = $this->getService('security');
    $passwordMatches = $hasher->checkHash($password, $account->password);
    if ($passwordMatches) {
        return $account;
    }

    $messages->addMessage('Email and password do not match', ERROR);
    return false;
}