<?php

// COMMONS + DB

require "include/common.php";

// READ CREDENTIALS + LOOK UP USER
//
// Both values are taken from the POST body through get_post() (declared in
// include/common.php, not visible here, so any validation it performs is
// unknown from this file).
// NOTE(review): $password is compared directly with the passwd_sha1 column
// further down, so the client appears to submit the digest itself rather than
// the plaintext - confirm against the client code.

$username = get_post("username");
$password = get_post("password");

// The username is bound as a statement parameter and never concatenated into
// the SQL text, so it cannot change the shape of the query. LOWER() on both
// sides makes the match case-insensitive.
// NOTE(review): if usernames are not unique case-insensitively, several rows
// can match and only the first one fetched is used - verify the schema.
$user_stmt = mysqli_prepare($conn, "select * from hynek_users where LOWER(username) = LOWER(?)");
mysqli_stmt_bind_param($user_stmt, "s", $username);

$result = db_stmt_execute_result($user_stmt);

// No matching account: stop with E002.
// NOTE(review): the password check below answers with a different code
// (E003). If fatal() passes the code through to the client, a caller can tell
// "unknown user" from "wrong password"; consider returning one shared code to
// the client and keeping the distinction in server-side logs only.
if (mysqli_num_rows($result) < 1) {
	fatal("E002"); // will exit()
}

$row = mysqli_fetch_assoc($result);

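// CHECK PASSWORD
//
// The previous loose "!=" comparison was unsafe for credential checks:
//  - when both operands are numeric-looking strings PHP compares them as
//    numbers, so two different digests can be treated as equal;
//  - null and "" compare equal, so an account without a stored digest could
//    match an empty submitted value;
//  - it is not constant-time.
// hash_equals() (PHP >= 5.6) compares byte-for-byte in constant time. It only
// accepts strings, so anything else (missing column value, array-shaped POST
// field) is rejected up front with the same error code as a mismatch.
//
// NOTE(review): the column name suggests a bare SHA-1 digest, and the
// submitted value is compared with it directly, which would make the stored
// digest itself usable as the credential. Moving to password_hash() /
// password_verify() on the plaintext needs a schema and client change and is
// out of scope for this check.

$stored_hash = $row["passwd_sha1"];

if (!is_string($stored_hash) || $stored_hash === "" || !is_string($password)
	|| !hash_equals($stored_hash, $password)) {
	fatal("E003"); // will exit()
}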

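// CHECK USER ENABLED
//
// Runs only after the password has been verified, so the "disabled" answer
// (E007) is never given to a caller who does not hold valid credentials.

if ($row["user_enabled"] <= 0) {
	fatal("E007"); // will exit()
}

// Later statements in this script use $user_id when building session queries.
// Pinning it to an integer here means that whatever the row contains, only a
// number can ever reach SQL text (defence in depth; the value comes from the
// users table, not from the request).
$user_id = (int) $row["id"];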

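// CLOSE OLD SESSION
//
// Deactivates every session of this user that is still marked active, so a
// new login invalidates the previous one.
//
// The lookup uses a bound parameter, the same pattern as the user lookup at
// the top of this script, instead of concatenating $user_id into the query.
// Only the id column is read, so only that column is selected.
$stmt = mysqli_prepare($conn, "select id from hynek_sessions where (user_id = ?) and (active = 1)");
mysqli_stmt_bind_param($stmt, "i", $user_id);
$result = db_stmt_execute_result($stmt);

// An empty result simply skips the loop; no separate row-count test is needed.
while ($row = mysqli_fetch_assoc($result)) {
	// Forced to int before it is placed into SQL text. The UPDATE stays on
	// db_query() because this file shows no statement helper for queries that
	// return no result set.
	$session_id = (int) $row["id"];
	//THIS WOULD BREAK SESSION LENGTH...
	//player_action($session_id, "", "A002", "Player has been logged out by the system (another login has been just made), session id " . $session_id . " ended.");
	db_query("update hynek_sessions set active = 0 where id = '" . $session_id . "';");
}
// NOTE(review): select-then-update is not atomic; a login racing with this
// one can leave two sessions active. A single UPDATE filtered on user_id and
// active = 1 would close that window - confirm nothing relies on the
// per-session loop before changing it.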

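// CREATE SESSION
//
// Inserts a session row for the user, then reads back the session_id value of
// that row; that value is what the client receives at the end of the script.
// Both ids are cast to int at the point where they enter SQL text, so the
// query shape cannot change regardless of what the variables hold.
//
// NOTE(review): session_id is not generated in this file, so it presumably
// comes from a column default or trigger. Because it is handed to the client
// as the session value, confirm it is produced by a cryptographically secure
// random source and is long enough not to be guessable.
// NOTE(review): db_query_insert() is assumed to return the new row id; its
// failure value is not visible here - verify that a failed insert cannot fall
// through to the lookup below.
$sql = "insert into hynek_sessions(user_id) values(" . (int) $user_id . ")";
$sessionid = db_query_insert($sql);
$session = db_query_get("select session_id from hynek_sessions where id = " . (int) $sessionid, "session_id");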

// LOG PLAYER ACTION
//
// Records the login through player_action() (declared elsewhere).
// NOTE(review): the message contains $session, the same value that is
// returned to the client below. If that value is what the client later
// presents to authenticate, anyone able to read the action log can reuse a
// live session; logging only the numeric row id ($sessionid) would avoid
// that. Confirm how the log is stored and who can read it.

$login_note = "Player just logged in, session (id/code) " . $sessionid . "/" . $session . " started.";
player_action($sessionid, "", "", "0.01 LOGIN", "LOG IN", $login_note);

// RESPOND
//
// Sends the session value back to the caller as JSON.

$payload = array("session" => $session);
response_json_ok($payload); // will exit()