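/**
 * Authenticate a user by e-mail address and password and populate the session.
 *
 * Flow: per-IP rate limit on recent failed attempts -> look up the account by
 * e-mail -> verify the stored bcrypt hash -> record the client IP, regenerate
 * the session id, and copy the account fields into $_SESSION and $this.
 *
 * @param string $username E-mail address used to look up the `users` row (the
 *                         parameter name is historical; the column matched is `email`).
 * @param string $password Plaintext password exactly as submitted by the client.
 * @return array Redirect descriptor with keys 'location' (page to send the
 *               client to), 'status' (message shown to the user) and 'class'
 *               ('error' or 'success').
 */
public function logIn($username, $password)
{
    // Rate-limit by client address: more than five failed attempts from this IP
    // in the last hour blocks further attempts regardless of the account targeted.
    // NOTE(review): REMOTE_ADDR is the TCP peer; behind a reverse proxy every
    // client shares the proxy's address and this limit applies to all of them.
    $clientIp = $_SERVER['REMOTE_ADDR'];
    $numFailedRequests = $this->dbConn->queryCount(
        "SELECT COUNT(*) FROM `failed_logins` WHERE `ip` = " . $this->dbConn->quoteSmart($clientIp)
        . " AND `date` > NOW() - INTERVAL 1 HOUR"
    );
    if ($numFailedRequests > 5) {
        return array("location" => "index.php", "status" => "You have had too many unsuccessful login attempts. Please wait awhile and try again.", 'class' => 'error');
    }

    // The unknown-account and wrong-password paths return the same message so
    // the response body does not reveal whether an e-mail address is registered.
    $genericFailure = array("location" => "index.php", "status" => "Could not log in with the supplied credentials.", 'class' => 'error');

    $bcrypt = new Bcrypt();
    // quoteSmart() is the project's escaping layer for string-built SQL; there is
    // no prepared-statement API visible on dbConn to switch to here.
    $findUsername = $this->dbConn->queryFirstRow(
        "SELECT `id`, `name`, `facility_id`, `usermask`, `password_hash` FROM `users` WHERE `email` = "
        . $this->dbConn->quoteSmart($username) . " LIMIT 1"
    );
    if (!$findUsername) {
        // NOTE(review): the submitted password is handed to the failed-login log.
        // If log_failed_login() persists it, near-miss passwords (typos of the real
        // one) end up stored in plaintext; consider logging only the username.
        // NOTE(review): this path skips the bcrypt verify below, so it responds
        // measurably faster than a wrong-password attempt (timing-based account
        // enumeration). A verify() against a fixed dummy hash here would even that
        // out; not added because the Bcrypt class's API is not visible in this file.
        $this->dbConn->log_failed_login($username, $password);
        return $genericFailure;
    }

    if (!$bcrypt->verify($password, $findUsername['password_hash'])) {
        $this->dbConn->log_failed_login($username, $password);
        return $genericFailure;
    }

    // Record the address of the successful login. The row id is cast to int
    // before interpolation; the IP goes through quoteSmart().
    $this->dbConn->stdQuery(
        "UPDATE `users` SET `last_ip` = " . $this->dbConn->quoteSmart($clientIp)
        . " WHERE `id` = " . intval($findUsername['id']) . " LIMIT 1"
    );

    // Issue a fresh session id on this privilege change so a session id planted
    // before authentication (session fixation) is not promoted to an authenticated
    // one. Relies on the session already being started, as the $_SESSION writes
    // below already do.
    session_regenerate_id(true);

    $_SESSION['id'] = $findUsername['id'];
    $_SESSION['name'] = $findUsername['name'];
    $_SESSION['facility_id'] = $findUsername['facility_id'];
    $_SESSION['usermask'] = $findUsername['usermask'];
    $this->id = intval($findUsername['id']);
    $this->facility['id'] = intval($findUsername['facility_id']);
    $this->usermask = intval($findUsername['usermask']);
    return array("location" => "main.php", "status" => "Successfully logged in.", 'class' => 'success');
}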