From 6527c452e1a48f52afea00ad82507fe8a02bd5ea Mon Sep 17 00:00:00 2001
From: ilotterytea <iltsu@alright.party>
Date: Thu, 11 Dec 2025 00:18:06 +0500
Subject: feat: return token if the request accepts json

---
 account/login/index.php | 29 ++++++++++++++++++-----------
 1 file changed, 18 insertions(+), 11 deletions(-)

diff --git a/account/login/index.php b/account/login/index.php
index 14f7c4e..fd0d386 100644
--- a/account/login/index.php
+++ b/account/login/index.php
@@ -1,7 +1,7 @@
 <?php
 include "{$_SERVER['DOCUMENT_ROOT']}/lib/accounts.php";
 
-if (authorize_user()) {
+if (authorize_user() && !CLIENT_REQUIRES_JSON) {
     header("Location: /account");
     exit;
 }
@@ -25,19 +25,26 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
     $stmt = $db->prepare("SELECT secret_key, password FROM users WHERE username = ? AND password IS NOT NULL");
     $stmt->execute([$username]);
 
-    if ($row = $stmt->fetch()) {
-        if (password_verify($password, $row["password"])) {
-            setcookie("secret_key", $row["secret_key"], $remember ? (time() + CONFIG['account']['maxcookielifetime']) : 0, "/");
-            header("Location: /account");
-            exit;
-        } else {
-            generate_alert("/account/login", "Passwords do not match!", 403);
-            exit;
-        }
-    } else {
+    $row = $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
+    if (!$row || !password_verify($password, $row["password"])) {
         generate_alert("/account/login", "User not found or is not accessable", 404);
         exit;
     }
+
+    if (CLIENT_REQUIRES_JSON) {
+        json_response([
+            "status_code" => 200,
+            "message" => null,
+            "data" => [
+                'secret_key' => $row["secret_key"]
+            ]
+        ]);
+    } else {
+        setcookie("secret_key", $row["secret_key"], $remember ? (time() + CONFIG['account']['maxcookielifetime']) : 0, "/");
+        header("Location: /account");
+    }
+
+    exit();
 }
 ?>
 
-- 
cgit v1.2.3