e949/api/user/login.php

<?php
// Logging into account



// Includes
if ($IS_FRONTEND) {
	require_once("api/_auth.php");
	require_once("api/_utils.php");
	require_once("api/_errorslist.php");
	require_once("api/_types.php");
	require_once("api/user/index.php");
} else {
	require_once("../_auth.php");
	require_once("../_utils.php");
	require_once("../_errorslist.php");
	require_once("../_types.php");
	require_once("./index.php");
}



// Methods

/*
 * METHOD
 * Log into existing user account
 */
function User_Login_Method (array $req): ReturnT {
	global $db, $LOGGED_IN, $THIS_USER;

	$login = $req["login"];
	$password = $req["password"];

	// Input sanity checks

	// If already logged in
	if ($LOGGED_IN)
		return new ReturnT(err_code: E_AUT_ALRLOGIN, err_desc: "you are already logged in");

	// If no password or login supplied
	if (!isset($login) || !isset($password))
		return new ReturnT(err_code: E_AUT_WRONGCREDS, err_desc: "you must supply both login and password");

	// Checking if password is correct
	$s = $db->prepare("SELECT * FROM users WHERE login = ?");
	$s->bind_param("s", $login);
	$s->execute();
	$d = $s->get_result()->fetch_assoc();

	// Wrong login
	if (!(bool)$d)
		return new ReturnT(err_code: E_AUT_WRONGCREDS, err_desc: "wrong login or password");

	$suppl_pwd_hash = hash("sha256", $password . $d["salt"], true);
	$real_pwd_hash = $d["password_hash"];

	// Wrong password
	if ($suppl_pwd_hash !== $real_pwd_hash)
		return new ReturnT(err_code: E_AUT_WRONGCREDS, err_desc: "wrong login or password");

	// Actions

	$_SESSION["userid"] = $d["id"];
	$THIS_USER = $d["id"];

	return new ReturnT(data: true);
}



if (Utils_ThisFileIsRequested(__FILE__)) {
	require_once("../_json.php");

	// HACK: for debugging purposes. Will be removed later
	if ($Config["debug"])
		$_POST = $_REQUEST;

	// Log into account
	$result = User_Login_Method($_POST);

	// Checking result
	if ($result->IsError())
		$result->ThrowJSONError();
	else
		JSON_ReturnData(["success" => $result->GetData()]);
}

?>