<?php
require_once "../../bootstrap.php";

use Backend\Model\User;
use Illuminate\Support\Str;

session_start();
if (isset($_POST['loginsubmit'])) {
    $username = $_POST["username"];
    $password = $_POST["password"];
    $user = User::query()->firstWhere('name', $username);
    if ($user) {
        $hashedPassword = $user->password;
        if (password_verify($password, $hashedPassword)) {
            $token = Str::random(100);
            $password = User::firstWhere('id', '=', $user->id);
            $password->remember_token = $token;
            if ($password->save()) {
                $_SESSION['token'] = $token;
                $_SESSION['name'] = $username;
                $_SESSION['id'] = $user->id;
                if($user->permission === 1){
                    $_SESSION['permission'] = $token;
                }
                header('location:  ../../Frontend/admin.php?login=success');
                exit();
                http_response_code(200);
            } else {
                session_destroy();
                http_response_code(500);
                header('location:  ../../login.php?error=couldNotSaveToken');
            }

        } else {
            session_destroy();
            http_response_code(401);
            header('location:  ../../login.php?message=wrongPassword');
            //echo json_encode(["message" => "Wrong password"]);
        }

    } else {
        session_destroy();
        http_response_code(401);
        header('location:  ../../login.php?message=userWasNotFound');
        //echo json_encode(["message" => "User was not found"]);
    }
} else {
    http_response_code(400);
    header('location:  ../../login.php?message=badMethod');
}