<?php
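// Resume the visitor's session and open the application database.
session_start();
$db = new SQLite3('ask.db');

// Message rendered under the login form; empty when there is nothing to report.
$logErrorMsg = "";

// A visitor is logged in only when the session flag is exactly true.
// isset() comes first so an anonymous request does not read an undefined index.
$validUser = isset($_SESSION["login"]) && $_SESSION["login"] === true;

if(isset($_POST["log"])){
	// Accept plain strings only: a request can submit "logname[]=x", which PHP
	// delivers as an array, and a missing field would otherwise reach
	// password_verify() as null.
	$user = (isset($_POST["logname"]) && is_string($_POST["logname"])) ? $_POST["logname"] : "";
	$password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";

	if($user !== ""){
		// The submitted name is passed as a bound parameter, never spliced into
		// the SQL text, so it cannot change the shape of the query.
		// id and hash are read in one query so both come from the same row.
		$row = false;
		$stmt = $db->prepare("SELECT id, shadow FROM users WHERE username = :username");
		if($stmt !== false){
			$stmt->bindValue(":username", $user, SQLITE3_TEXT);
			$result = $stmt->execute();
			if($result !== false) $row = $result->fetchArray(SQLITE3_ASSOC);
		}

		// NOTE(review): an unknown username skips password_verify(), so the two
		// failure paths differ in response time; nothing in this file throttles
		// repeated attempts either. Confirm whether that is handled upstream.
		if(is_array($row) && is_string($row["shadow"]) && password_verify($password, $row["shadow"])){
			// Issue a fresh session id at the moment of authentication so an id
			// that was known before login does not become an authenticated one.
			session_regenerate_id(true);
			$_SESSION["login"] = true;
			$_SESSION["uid"] = $row["id"];
			header("Location: /"); die();
		}
		else{
			// Same message for "no such user" and "wrong password".
			$logErrorMsg = "Incorrect user or password";
		}
	}
	else $logErrorMsg = "Please input a username";

	// No fallback account is checked here: the only way to obtain a session is
	// a matching row in the users table.
}

// Already authenticated: nothing to do on this page.
if($validUser){
	header("Location: /"); die();
}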

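// Message rendered under the registration form (also used for the success notice).
$regErrorMsg = "";
if(isset($_POST["reg"])){
	// Accept plain strings only; missing or array-valued fields become "".
	$invite = (isset($_POST["invite"]) && is_string($_POST["invite"])) ? $_POST["invite"] : "";
	$user = (isset($_POST["regname"]) && is_string($_POST["regname"])) ? $_POST["regname"] : "";
	$password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";

	// bcrypt hash of the shared invitation code. Single-quoted so PHP never
	// attempts variable interpolation on the "$" separators.
	// NOTE(review): one code shared by every invitee cannot be revoked per
	// person, and nothing in this file limits guessing attempts — confirm.
	$inviteHash = '$2y$10$Mofyx6QsxEartbq..53zlu.FwTX0aMmUeRCNnISvfmrC44iA1SfSO';

	if(!password_verify($invite, $inviteHash)){
		$regErrorMsg = "Wrong invitation code";
	}
	else if($user === ""){
		$regErrorMsg = "Please input a username";
	}
	else if(preg_match("/[^a-z0-9]/", $user)){
		$regErrorMsg = "Only lowercase letters and numbers are allowed";
	}
	else{
		// The allow-list above already restricts the name, but every value is
		// still passed as a bound parameter so query safety does not depend on
		// the order of the checks in this chain.
		$taken = null; // null means the lookup itself failed
		$lookup = $db->prepare("SELECT 1 FROM users WHERE username = :username");
		if($lookup !== false){
			$lookup->bindValue(":username", $user, SQLITE3_TEXT);
			$found = $lookup->execute();
			if($found !== false) $taken = $found->fetchArray(SQLITE3_NUM) !== false;
		}

		if($taken === null){
			// Fail closed: do not create an account when uniqueness is unknown.
			$regErrorMsg = "Could not create account";
		}
		else if($taken){
			$regErrorMsg = "Username taken";
		}
		else if($password === ""){
			$regErrorMsg = "Please input a password";
		}
		else{
			// Only the hash is stored; the plaintext password never reaches the database.
			$shadow = password_hash($password, PASSWORD_DEFAULT);

			// NOTE(review): the check above and this insert are two separate
			// statements; a UNIQUE constraint on users.username is presumably
			// what stops two simultaneous registrations — verify the schema.
			$created = false;
			$insert = $db->prepare("INSERT INTO users(username,name,shadow) VALUES (:username,:name,:shadow)");
			if($insert !== false){
				$insert->bindValue(":username", $user, SQLITE3_TEXT);
				$insert->bindValue(":name", $user, SQLITE3_TEXT);
				$insert->bindValue(":shadow", $shadow, SQLITE3_TEXT);
				$created = $insert->execute() !== false;
			}

			if($created){
				// Clear the submitted values so the form is not re-filled with them.
				unset($_POST["regname"],$_POST["password"],$_POST["invite"]);
				$regErrorMsg = "Account created successfully";
			}
			else $regErrorMsg = "Could not create account";
		}
	}
}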

?>

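<?php
// Values echoed back into the forms come straight from the request, so each
// one is HTML-escaped (quotes included) before it is placed inside a
// value="..." attribute. Missing or non-string fields render as "".
$formValues = [];
foreach(["logname", "regname", "invite"] as $field){
	$raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : "";
	$formValues[$field] = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
}
// Password fields are intentionally never re-filled.
// NOTE(review): neither form carries an anti-CSRF token — confirm whether
// that is acceptable for this page.
?>
<!DOCTYPE html>
<html>
<head>
	<meta http-equiv="content-type" content="text/html;charset=utf-8"/>
	<title>Login</title>
</head>
<body>
	<h2>Login</h2>
	<form name="input" action="" method="post">
		<label for="logname">Username:</label><input type="text" value="<?= $formValues["logname"] ?>" id="logname" name="logname"/><br/>
		<label for="password">Password:</label><input type="password" id="password" name="password"/>
		<?php if(isset($logErrorMsg)) echo "<p>" . htmlspecialchars($logErrorMsg, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8") . "</p>\n"; ?>
		<input type="submit" value="Login" name="log"/>
	</form>
	<h2>Register</h2>
	<form name="input" action="" method="post">
		<label for="regname">Username:</label><input type="text" value="<?= $formValues["regname"] ?>" id="regname" name="regname"/><br/>
		<label for="regpassword">Password:</label><input type="password" id="regpassword" name="password"/><br/>
		<label for="invite">Invite code:</label><input type="text" value="<?= $formValues["invite"] ?>" id="invite" name="invite"/><br/>
		<?php if(isset($regErrorMsg)) echo "<p>" . htmlspecialchars($regErrorMsg, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8") . "</p>\n"; ?>
		<input type="submit" value="Register" name="reg"/>
	</form>
</body>
</html>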