<?php
if (!defined('ONYX')) exit;

if (isset($_POST['username']) && isset($_POST['password']))
{
  $username = $_POST['username'];
  $password = $_POST['password'];

  $bdd = new BDD();

  // TODO: use function
  $bdd->escape($username);
  $bdd->escape($password);
  $hash = mdp($username, $password);
  $result = $bdd->unique_query("SELECT id, username, auth_level FROM users
                                      WHERE username='$username'
                                      AND password=unhex('$hash')");

  if (!empty($result) && $result['auth_level'] != 0)
  {
    $SESS->level = $result["auth_level"];
    $SESS->values = $result;
    $SESS->put($result["id"]);
    header("Location: /home");
    exit;
  }
}

$page = "public/login";