<?php
function login($db){
        if($_SERVER['REQUEST_METHOD'] == 'POST') {

        /*___Database Query: Login___*/
                $username = $_POST["username"];
                $password = $_POST["password"];
                $safe_username = SQLite3::escapeString("$username");

		//$hash = password_hash($_GET["password"], PASSWORD_DEFAULT);

		$pepper = file_get_contents("../database/pepper.txt");
		$password = $password . $pepper;

                $real_password_db = $db->query("SELECT password FROM user WHERE name='" . $safe_username . "';");
                while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
                         foreach($real_password_array as $secondelement){
                                $real_password=$secondelement;
                        }   
                }   

        /*___Login___*/
                if (password_verify($password, $real_password)) {

                        if($db->exec("
                                BEGIN TRANSACTION;
                                INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='" . $username . "'), (SELECT datetime()) );
                                COMMIT;
                        ")){
				$id = user($db, $username);

                                $_SESSION["login"] = true;
                                $_SESSION["username"] = $username;
				$_SESSION["userid"] = $id;

				header("Refresh: 0; /");
				return true; 

                        } else {
                                header("Refresh: 0; login?reason=database&username=" . $username);
				return false;
                        }   
                } else {
                        header("Refresh: 0; login?reason=failure&username=" . $username);
			return false;
                }   
        } else {
                if(isset($_SESSION["login"])){
                        header("Refresh: 0; /");
			return false;
                } 
		include("login.php");
		return false;
	}
}

function logout(){
        $username=$_SESSION["username"];
        if(session_destroy()){
                header("Refresh: 0; login?reason=logout&username=" . $username);
                return true;
        } else {
                return false;
        }   
}