<?php
function login($db){

        /*___Database Query: Login___*/
	$username = $_POST["username"];
        $password = $_POST["password"];
        $safe_username = SQLite3::escapeString("$username");

	$pepper = file_get_contents("../database/pepper.txt");
	$password = $password . $pepper;

        $real_password_db = $db->query("SELECT password FROM user WHERE name='" . $safe_username . "';");
        while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
        	foreach($real_password_array as $secondelement){
                	$real_password=$secondelement;
                }   
	}   

        /*___Login___*/
        if (!password_verify($password, $real_password)) {
		return LOGIN_PASSWORD;
	}

        if($db->exec("
        	BEGIN TRANSACTION;
                INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='" . $username . "'), (SELECT datetime()) );
                COMMIT;
	")){

		$id = user($db, $username);

                $_SESSION["login"] = true;
                $_SESSION["username"] = $username;
		$_SESSION["userid"] = $id;

		return LOGIN_SUCCESSFULL; 

	} else {
		return LOGIN_DATABASE;
	}   
}

function logout(){
        if(session_destroy()){
                return LOGOUT_SUCCESSFULL;
        } else {
                return LOGOUT_FAILURE
        }   
}