<?php
include $_SERVER["DOCUMENT_ROOT"] . "/php/scripts.php";
session_start();
if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST["username"]) && isset($_POST["password"])) {
    $conn = connectDB();
    $stmt = $conn->prepare("SELECT UID, password FROM users WHERE username = ?");
    $username = trim($_POST["username"]);
    $password = trim($_POST["password"]);
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $stmt->bind_result($UID, $passwordHash);
    if ($stmt->fetch()) {
        if (password_verify($password, $passwordHash)) {
            $_SESSION["UID"] = $UID;
            $_SESSION["username"] = $username;
            echo json_encode(["redirect" => "/", "msg" => "Zalogowano jako $username"]);
        } else
            jsonMsg("Nieprawidłowe hasło");
    } else
        jsonMsg("Nieprawidłowy login");
    $stmt->close();
    $conn->close();
} elseif ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST["guest"])) {
    $_SESSION["UID"] = 0;
    echo json_encode(["redirect" => "/", "msg" => "Zalogowano jako gość"]);
} else
    jsonMsg("Nieprawidłowy request");