/**
* Authenticate
*
* @access private
*/
private function _authenticate(CI_DB_result $member, $password)
{
$always_disallowed = array(4);
if ($member->num_rows() !== 1) {
return FALSE;
}
if (in_array($member->row('group_id'), $always_disallowed)) {
return ee()->output->show_user_error('general', lang('mbr_account_not_active'));
}
$m_salt = $member->row('salt');
$m_pass = $member->row('password');
// hash using the algo used for this password
$h_byte_size = strlen($m_pass);
$hashed_pair = $this->hash_password($password, $m_salt, $h_byte_size);
if ($hashed_pair === FALSE or $m_pass !== $hashed_pair['password']) {
return FALSE;
}
// Officially a valid user, but are they as secure as possible?
// ----------------------------------------------------------------
reset($this->hash_algos);
// Not hashed or better algo available?
if (!$m_salt or $h_byte_size != key($this->hash_algos)) {
$m_id = $member->row('member_id');
$this->update_password($m_id, $password);
}
$authed = new Auth_result($member->row());
$member->free_result();
return $authed;
}