<?php
require_once('app/init.php');
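// Login handler: reads the posted credentials, looks the user up and, when the
// password matches the stored hash, starts an authenticated session.
// NOTE(review): session_start() and any CSRF check are not visible in this
// file — presumably done by app/init.php; confirm before relying on it.
//
// The top-level `return` only stops this script (or hands the string back to
// an including file); nothing here echoes the message.
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';

// A crafted request (e.g. username[]=x) arrives as an array; reject it before
// it reaches password_verify()/PDO, which would raise a TypeError.
if (!is_string($username) || !is_string($password)) {
    return 'Invalid login credentials.';
}

$user = user_exists($username);

if ($user === false) {
    // Spend roughly the cost of one password_verify() here as well, and use
    // the same message as the bad-password branch, so an attacker cannot tell
    // unknown usernames from wrong passwords by message or timing.
    password_hash($password, PASSWORD_DEFAULT);
    return 'Invalid login credentials.';
}

if (isValid($username, $password, $user->password)) {
    login($user);
} else {
    return 'Invalid login credentials.';
}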
/**
 * Check a submitted plaintext password against a stored password_hash() hash.
 *
 * @param string $username   Accepted for interface compatibility; not used.
 * @param string $password   Plaintext password from the request.
 * @param string $password2  Stored hash (the users.password column).
 * @return bool  true only when password_verify() accepts the pair; an
 *               unparseable hash yields false.
 */
function isValid($username, $password, $password2)
{
    $storedHash = $password2;
    $matches = password_verify($password, $storedHash);
    return $matches;
}
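/**
 * Mark the current session as authenticated for $user and redirect to the
 * front page.
 *
 * @param object $user  Row from user_exists(); needs ->username and ->role.
 *
 * Exits after sending the Location header so no further output can follow
 * the redirect.
 */
function login($user)
{
    // Rotate the session id on the privilege change: a session id an attacker
    // fixed before authentication must not become an authenticated one.
    // Guarded because session_start() is not visible in this file.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['username'] = $user->username;
    $_SESSION['role'] = $user->role;
    header('Location: ./index.php');
    // header() alone does not stop execution; without exit the rest of the
    // script (and any later output) would still run after the redirect.
    exit;
}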
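/**
 * Look up a user row by exact username.
 *
 * @param string $username  Untrusted value from the request; bound as a
 *                          query parameter, never interpolated into the SQL.
 * @return object|false  Object with ->username, ->password (hash) and ->role,
 *                       or false when no row matches.
 * @throws PDOException  On connection or query failure (ERRMODE_EXCEPTION).
 */
function user_exists($username)
{
    // TODO(review): DB credentials are hard-coded in source; load them from a
    // config file or environment kept outside the web root instead.
    $pdo = new PDO(
        "mysql:host=localhost;dbname=sqli_example",
        "sqli_example",
        "password",
        [
            // Fail loudly instead of having prepare()/execute() return false,
            // which the original code never checked.
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            // Real server-side prepared statements: the parameter is sent
            // separately from the SQL text rather than spliced in client-side.
            PDO::ATTR_EMULATE_PREPARES => false,
        ]
    );
    $sth = $pdo->prepare('SELECT username, password, role FROM users WHERE username = ?');
    // execute() with an array binds every value as PDO::PARAM_STR.
    $sth->execute([$username]);
    return $sth->fetch(PDO::FETCH_OBJ);
}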