From 267a3161e59f4955664127a999a5fa163c398f3f Mon Sep 17 00:00:00 2001
From: Goeran Heinemann <goeran@karsdorf.net>
Date: Sat, 28 Mar 2020 19:13:43 +0100
Subject: [PATCH] login -> return token

---
 html/api/login.php | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 html/api/login.php

diff --git a/html/api/login.php b/html/api/login.php
new file mode 100644
index 0000000..1dff363
--- /dev/null
+++ b/html/api/login.php
@@ -0,0 +1,25 @@
+<?php
+include "../../config.php";
+
+if (isset($_POST['username']) and isset($_POST['password'])){
+    $sql = "SELECT * FROM users WHERE username=?";
+    $stmt = $pdo->prepare($sql);
+    $stmt->bindParam(1, $_POST['username']);
+    if ($stmt->execute()){
+        if ($stmt->rowCount()==1){
+            $user = $stmt->fetchAll(PDO::FETCH_ASSOC)[0];
+            if (password_verify($_POST['password'], $user['password'])){
+                $sql = "SELECT token FROM tokens WHERE user=?";
+                $stmt = $pdo->prepare($sql);
+                $stmt->bindParam(1, $user['id']);
+                if ($stmt->execute()){
+                    if ($stmt->rowCount()>0){
+                        echo $stmt->fetchAll(PDO::FETCH_ASSOC)[0]['token'];
+                    }
+                }else{
+                    var_dump($stmt->errorInfo());
+                }
+            }
+        }
+    }
+}
\ No newline at end of file