private User login(org.hibernate.Session session, HttpServletRequest request, HttpServletResponse response, String username, String password, boolean internal)
throws SimpleMessageException {
username = username.toLowerCase();
User user = UserHelper.getUser(session, username);
MD5 md5 = new MD5();
md5.Update(password);
String passwordHash = md5.asHex();
if (user != null && isAccountValidated(user) && ((internal && password.equals(user.getPasswordHash())) || user.getPasswordHash().equals(passwordHash))) {
Cookie userCookie = new Cookie("user", user.getUsername());
userCookie.setPath("/");
userCookie.setMaxAge(COOKIE_TIMEOUT);