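prepare('SELECT * FROM users WHERE username = ?');
// Login handler, continued. The statement above and the block closed by the
// final brace both begin before this excerpt. The code looks up the account
// with a bound parameter, checks the password, purges the user's expired
// tokens, optionally issues an API token, and signs the user in.
$stmt->execute([$username]);
$user = $stmt->fetch(PDO::FETCH_ASSOC) ?: null;

// Both failure cases return the same status and message, so the response body
// does not reveal whether the username exists.
// NOTE(review): an unknown username returns before password_verify() runs, so
// the two cases can still differ in response time. No attempt throttling is
// visible in this excerpt; confirm it is enforced elsewhere.
if (!$user || !password_verify($password, $user['password'])) {
    exit(create_alert('/login.php', 401, 'Incorrect username or password.', null));
}

// Housekeeping: drop this user's tokens that have already expired.
$now = date('Y-m-d H:i:s', time());
$db->prepare('DELETE FROM tokens WHERE expires_at <= ? AND user_id = ?')
    ->execute([$now, $user['id']]);

// SELECT * puts the password hash into $user. Keep it out of the payload
// handed to create_alert(), whose handling of $data is not visible here.
$data = $user;
unset($data['password']);

if (IS_JSON_REQUEST) {
    $expires_at = date('Y-m-d H:i:s', time() + 86400); // token lifetime: 24 hours
    $token = bin2hex(random_bytes(16)); // 16 bytes (128 bits) from the CSPRNG

    // Only the SHA-256 digest is stored, so a read of the tokens table does
    // not yield usable tokens. The raw value goes to the client once.
    $db->prepare('INSERT INTO tokens(user_id, hash, expires_at) VALUES (?, ?, ?)')
        ->execute([$user['id'], hash('sha256', $token), $expires_at]);

    $data = [
        'token' => $token,
        'id' => $user['id'],
    ];
}

// Issue a fresh session ID at the point of authentication, so an ID that
// existed before login is not carried into the authenticated session
// (session fixation). Guarded because session start-up is outside this excerpt.
if (session_status() === PHP_SESSION_ACTIVE) {
    session_regenerate_id(true);
}

// NOTE(review): $user still contains the password hash here. It is left
// unchanged because other pages may read $_SESSION['user']. Confirm none need
// the hash, then store only the fields the application uses.
$_SESSION['user'] = $user;

exit(create_alert('/', 200, null, $data));
}
?>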