<?php
if (!defined('ONYX')) exit;

if ($SESS->level < 1)
{
    if (isset($_POST['username']) && isset($_POST['password']))
    {
        $username = $_POST['username'];
        $password = $_POST['password'];

        $bdd = new BDD();

        // TODO: use function
        $hash = mdp($bdd->escape($username), $bdd->escape($password));
        $result = $bdd->unique_query("SELECT username, auth_level FROM users
                                      WHERE username='$username'
                                      AND password=unhex('$hash')");

        if (!empty($result) && $result['auth_level'] != 0)
        {
            $SESS->level = $result['auth_level'];
            $SESS->values = $result;
            $SESS->put($username);
            header("Location: /home");
            exit;
        }
    }
    $page = "public/login";
}
else
{
    // Show some page ?
    header("Location: /home");
}