function login($email, $password)
{
global $db;
// Prepare e-mail address
$email = $db->escape_string($email);
$email = strtolower($email);
$password = $db->escape_string($password);
$email_part = explode("@", $email);
$username = $email_part[0];
$domain = $email_part[1];
// Check e-mail address
$sql = "SELECT `" . DBC_USERS_ID . "`, `" . DBC_USERS_PASSWORD . "` FROM `" . DBT_USERS . "` WHERE `" . DBC_USERS_USERNAME . "` = '{$username}' AND `" . DBC_USERS_DOMAIN . "` = '{$domain}' LIMIT 1;";
if (!($result = $db->query($sql))) {
dbError($db->error);
}
if ($result->num_rows === 1) {
$userdata = $result->fetch_array(MYSQLI_ASSOC);
$uid = $userdata[DBC_USERS_ID];
$password_hash = $userdata[DBC_USERS_PASSWORD];
// Check password
if (crypt($password, $password_hash) === $password_hash) {
// Password is valid, start a logged-in user session
$this->loggedin = true;
$_SESSION['uid'] = $uid;
$_SESSION['email'] = $email;
return true;
} else {
// Password is invalid
return false;
}
} else {
// User could not be found
return false;
}
}