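/**
 * Checks an administrator's credentials.
 *
 * Intended as a stricter alternative to PH7\UserCoreModel::login(): the row must
 * match on both the e-mail address and the username before the password is checked.
 *
 * Fails closed: when no row matches, or the matching row holds no password value,
 * the method returns FALSE without handing an empty value to the password verifier.
 *
 * @param string $sEmail    E-mail address to look up.
 * @param string $sUsername Username that must belong to the same row as $sEmail.
 * @param string $sPassword Password submitted by the caller, passed to Security::checkPwd().
 * @return boolean Returns TRUE if successful otherwise FALSE
 */
public function adminLogin($sEmail, $sUsername, $sPassword)
{
    // The literals carry no spaces around the table name, so Db::prefix() presumably
    // returns it padded with spaces -- confirm against Db::prefix().
    $rStmt = Db::getInstance()->prepare(
        'SELECT email, username, password FROM' . Db::prefix('Admins') . 'WHERE email = :email AND username = :username LIMIT 1'
    );

    // Both identifiers are bound as parameters; nothing caller-supplied is concatenated into the SQL.
    $rStmt->bindValue(':email', $sEmail, \PDO::PARAM_STR);
    $rStmt->bindValue(':username', $sUsername, \PDO::PARAM_STR);
    $rStmt->execute();

    // Assuming a PDOStatement: fetch() yields FALSE rather than an object when no row matched.
    $oRow = $rStmt->fetch(\PDO::FETCH_OBJ);
    Db::free($rStmt);

    // Explicit check instead of the former "@$oRow->password": the error-suppression
    // operator hid the missing-row case and left the decision to whatever
    // Security::checkPwd() does with a NULL hash.
    // NOTE(review): this path skips the hash check, so it may answer faster than a
    // wrong-password attempt -- confirm whether response timing matters here.
    if (!is_object($oRow) || !isset($oRow->password) || $oRow->password === '') {
        return false;
    }

    return Security::checkPwd($sPassword, $oRow->password);
}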
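/**
 * Login check for Members and Affiliates.
 *
 * Not meant for administrators: PH7\AdminModel::adminLogin() is the dedicated,
 * stricter method for them.
 *
 * NOTE(review): the two failure strings let a caller tell an unknown e-mail from a
 * wrong password. Callers should show the end user one generic failure message so
 * the login form does not reveal which addresses are registered.
 *
 * @param string $sEmail    E-mail address to look up.
 * @param string $sPassword Password submitted by the caller, passed to Security::checkPwd().
 * @param string $sTable    Default 'Members'
 * @return bool|string TRUE on success, otherwise the string 'email_does_not_exist'
 *                     or 'password_does_not_exist'.
 */
public function login($sEmail, $sPassword, $sTable = 'Members')
{
    // A table name cannot be bound as a statement parameter, so this call must stay
    // ahead of prepare(). Presumably it rejects any $sTable outside a known list -- confirm.
    Various::checkModelTable($sTable);

    // The literals carry no spaces around the table name, so Db::prefix() presumably
    // returns it padded with spaces -- confirm against Db::prefix().
    $rStmt = Db::getInstance()->prepare(
        'SELECT email, password FROM' . Db::prefix($sTable) . 'WHERE email = :email LIMIT 1'
    );
    $rStmt->bindValue(':email', $sEmail, \PDO::PARAM_STR);
    $rStmt->execute();

    // Assuming a PDOStatement: fetch() yields FALSE rather than an object when no row matched.
    $oRow = $rStmt->fetch(\PDO::FETCH_OBJ);
    Db::free($rStmt);

    // Fail closed on a missing row. Previously an empty $sEmail compared equal to the
    // empty fallback below, so that case was decided by Security::checkPwd() being
    // handed an empty stored hash.
    if (!is_object($oRow)) {
        return 'email_does_not_exist';
    }

    $sDbEmail = !empty($oRow->email) ? $oRow->email : '';
    $sDbPassword = !empty($oRow->password) ? $oRow->password : '';

    // Strict, byte-wise comparison against the stored address, independent of the
    // comparison rules the database applied in the WHERE clause.
    if ($sEmail !== $sDbEmail) {
        return 'email_does_not_exist';
    }

    if (!Security::checkPwd($sPassword, $sDbPassword)) {
        return 'password_does_not_exist';
    }

    return true;
}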