From e08e441a9047639a394a40d5d6356a4addccf5d7 Mon Sep 17 00:00:00 2001
From: Dennis Eichhorn
Date: Fri, 31 Mar 2017 15:50:15 +0200
Subject: [PATCH] Move login to mapper

---
 Models/AccountMapper.php | 61 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)

diff --git a/Models/AccountMapper.php b/Models/AccountMapper.php
index d04aa87..9387e09 100644
--- a/Models/AccountMapper.php
+++ b/Models/AccountMapper.php
@@ -118,6 +118,67 @@ class AccountMapper extends DataMapperAbstract
 return $objId;
 }
 
+ /**
+ * Login user.
+ *
+ * @param string $login Username
+ * @param string $password Password
+ *
+ * @return int Login code
+ *
+ * @todo move this to the admin accountMapper
+ *
+ * @since 1.0.0
+ * @author Dennis Eichhorn
+ */
+ public static function login(string $login, string $password) : int
+ {
+ try {
+ $result = null;
+
+ switch ($this->connection->getType()) {
+ case DatabaseType::MYSQL:
+
+ $sth = $this->connection->con->prepare(
+ 'SELECT
+ `' . $this->connection->prefix . 'account`.*
+ FROM
+ `' . $this->connection->prefix . 'account`
+ WHERE
+ `account_login` = :login'
+ );
+ $sth->bindValue(':login', $login, \PDO::PARAM_STR);
+ $sth->execute();
+
+ $result = $sth->fetchAll();
+ break;
+ }
+
+ // TODO: check if user is allowed to login on THIS page (backend|frontend|etc...)
+
+ if (!isset($result[0])) {
+ return LoginReturnType::WRONG_USERNAME;
+ }
+
+ $result = $result[0];
+
+ if ($result['account_tries'] <= 0) {
+ return LoginReturnType::WRONG_INPUT_EXCEEDED;
+ }
+
+ if (password_verify($password, $result['account_password'])) {
+ $this->session->set('UID', $result['account_id']);
+ $this->session->save();
+
+ return LoginReturnType::OK;
+ }
+
+ return LoginReturnType::WRONG_PASSWORD;
+ } catch (\Exception $e) {
+ return LoginReturnType::FAILURE;
+ }
+ }
+
 /**
 * Get object.
 *
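Review bot: `login()` is declared `public static` but its body reads `$this->connection` and `$this->session`, so the first call raises an `Error` that `catch (\Exception $e)` does not catch; either drop `static` or pass the connection and session in as arguments. On the authentication path itself, `account_tries` is only compared with `<= 0`, and nothing in this hunk decrements it after `WRONG_PASSWORD` or resets it after `OK`, so unless that happens elsewhere the lockout never engages and repeated password attempts are not throttled. The unknown-user branch also returns before `password_verify()` runs and uses a distinct `WRONG_USERNAME` code, so a caller that surfaces the code or the response time reveals which logins exist; verifying against a fixed dummy hash and showing one generic failure message would close that. A `default:` arm returning `LoginReturnType::FAILURE` would keep an unsupported database type from being reported as a wrong username.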