<?php
ini_set("display_errors", 1);
ini_set("display_startup_errors", 1);
error_reporting(E_ALL);

require "../api.php";

$api = new spamhasiApi();
$db = $api->getDB();

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if (!isset($_POST["username"]) || !isset($_POST["passwd"])) {
        die("Username or Password are missing");
    }

    $user = $_POST["username"];
    $passwd = hash("sha256", $_POST["passwd"]);

    $sql = "SELECT username, passwd FROM users WHERE username = :username AND passwd = :passwd";
    $stmt = $db->prepare($sql);
    $stmt->execute([
        ':username' => $user,
        ':passwd' => $passwd
    ]);

    $result = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($result) {
        $config = $api->getConf();

        $session["session_id"] = $api->generateSessionID();
        $device_id = rand(1, 999);

        $json[$device_id] = $session;

        file_put_contents($config["PATH"] . "/tmp/user_sessions/" . $user . ".json", json_encode($json));

        setcookie("session_id", $session["session_id"], time() + 3600, "/");
        setcookie("device_id", $device_id, time() + 3600, "/");
        setcookie("username", $user, time() + 3600, "/");

        header("Location: /opfer.html");
        exit;

    }else{
        header("Location: /login.php?passwdIsFalse=true");
        exit;
    }
}
?>