<?php
function login($username, $password){
		$db = new SQLite3("../database/sqlite.db");
		
		$safe_username = SQLite3::escapeString("$username");

		$pepper = file_get_contents("../database/pepper.txt");
		$password = $password . $pepper;

		$real_password_db = $db->query("SELECT password FROM user WHERE name='" . $safe_username . "';");
		while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
			foreach($real_password_array as $secondelement){
				$real_password=$secondelement;
			}
		}

		/*___Login___*/
		if (password_verify($password, $real_password)) {

			if($db->exec("
				BEGIN TRANSACTION;
				INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='" . $username . "'), (SELECT datetime()) );
				COMMIT;
			")){
				$id = user($db, $username);

				$_SESSION["login"] = true;
				$_SESSION["username"] = $username;
				$_SESSION["userid"] = $id;

				return "success"; 
			} else {
					return "database";
			}
		} else {
			return "password";
		}
}

function logout(){
		if(session_destroy()){
			return true;
		} else {
			return false;
		}
}