public function identify($account, $password)
{
    if(!$account or !$password) return false;

    /* Get the user first. If $password length is 32, don't add the password condition.  */
    $record = $this->dao->select('*')->from(TABLE_USER)
        ->where('account')->eq($account)
        ->beginIF(strlen($password) < 32)->andWhere('password')->eq(md5($password))->fi()
        ->andWhere('deleted')->eq(0)
        ->fetch();

    /* If the length of $password is 32 or 40, checking by the auth hash. */
    $user = false;
    if($record)
    {
        $passwordLength = strlen($password);
        if($passwordLength < 32)
        {
            $user = $record;
        }
        elseif($passwordLength == 32)
        {
            $hash = $this->session->rand ? md5($record->password . $this->session->rand) : $record->password;
            $user = $password == $hash ? $record : '';
        }
        elseif($passwordLength == 40)
        {
            $hash = sha1($record->account . $record->password . $record->last);
            $user = $password == $hash ? $record : '';
        }
    }

    if($user)
    {
        $ip   = $this->server->remote_addr;
        $last = $this->server->request_time;
        $this->dao->update(TABLE_USER)->set('visits = visits + 1')->set('ip')->eq($ip)->set('last')->eq($last)->where('account')->eq($account)->exec();
        $user->last = date(DT_DATETIME1, $user->last);
    }
    return $user;
}