<?php
/* hitler-clicker
 * api for authentification
 * © 2025 hitler.rip <git@hitler.rip>
 * licensed under AGPLv3-or-later; see LICENSE.md for more information
 */

header('Content-Type: application/json; charset=UTF-8');

try {
	$pdo = new PDO("mysql:host=127.0.0.1;dbname=hitlerclicker", "root", "aA1234Aa");
} catch(PDOException $e) {
	die('{ "status": "database offline" }');
};

$wrkarr = [];
$ifarr = [ "name", "password" ];
$postjson = json_decode(file_get_contents('php://input'), true);
foreach ($ifarr as $i):
	if (isset($postjson[$i])):
		$newarr = [
			"$i" => "$postjson[$i]",
		];
		$wrkarr = array_merge($wrkarr, $newarr);
	endif;
endforeach;

if (!isset($wrkarr["name"]) || trim($wrkarr["name"]) == ""):
	die('{ "status": "login (name) was not provided.\ncould not attempt to log in." }');
elseif (!isset($wrkarr["password"]) || trim($wrkarr["password"]) == ""):
	die('{ "status": "password was not provided.\ncould not attempt to log in." }');
else:

	$query = $pdo->prepare("SELECT name, password, token, team FROM users WHERE name LIKE ?");
	$query -> execute([$wrkarr["name"]]);
	$found = $query->fetch(PDO::FETCH_ASSOC);
	if ($found):

		if (!password_verify($wrkarr["password"], $found["password"])):
			die('{ "status": "wrong password." }');
		else:

			die("{ \"status\": \"success\", \"token\": \"$found[token]\", \"team\": \"$found[team]\" }");

		endif;

	else:
		die('{ "status": "name does not exist in the database." }');
	endif;

endif;

echo '{ "status": "online" }';

?>