fn user_login
 - check if user is already logged in: redirect if yes
 - display login form
    o username
    o password
    o form['#validate'] => user_login_default_validators()
       - user_login_name_validate
       - user_login_authenticate_validate
       - user_login_final_validate
    o submit

user_login_name_validate
 - check if user is blocked
 - check if name is reserved

user_login_authenticate_validate
 - validate username/password against db
     o load user from db
     o check if email is reserved
     o finalize the login if no errors
     o update last-access timestamp
     o regenerate session
     o invoke hook _login

user_login_final_validate
 - makes sure the user was authenticated and has a uid