public function authorize($username, $password = null, $service = 'amy')
{
$username = Db::quote_literal($username);
$service = Db::quote_literal($service);
// bypassing the password - already logged in using external sevice API (Facebook and such)
if (false === ($row = Db::find_first("SELECT * FROM amy.users WHERE username='{$username}' AND service='{$service}' LIMIT 1"))) {
throw new Exception("Unable to lookup username: `{$username}' for service `{$service}'.");
}
if (null != $password) {
if (md5($password) != $row['hashed_password']) {
throw new Exception("Invalid password provided.");
}
}
$this->load_user_info($row);
Db::find("UPDATE amy.users SET last_logged_at=CURRENT_TIMESTAMP WHERE id=" . $this->userId);
return $this;
}