<?php

/* development only */
header("Access-Control-Allow-Origin: *");

require '../vendor/autoload.php';
require 'dbConfig.php';

use Lcobucci\JWT\Builder;
use Lcobucci\JWT\Signer\Hmac\Sha256;


$passwordSalt = "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824";

$userName = $_POST['userName'];
$password = $_POST['password'];

$hashedPassword = crypt( $password, $passwordSalt );

	
$stmt = $connect->prepare('SELECT * FROM users WHERE userName = :userName');
$stmt->execute(array(
	':userName' => $userName
	));
	
$data = $stmt->fetch(PDO::FETCH_ASSOC);
	
if( $data == false ){
	http_response_code(400);
	die();
}else {
	if( hash_equals($hashedPassword,$data['password'] ) ) {
		if( $data['userName'] == "ckoch" ){
		$signer = new Sha256();
		$token = (new Builder())
			->setIssuer("http://pugludos.com")
			->setIssuedAt(time())
			->set("userName", $data['userId'])
			->sign($signer, "testing")
			->getToken();

		$userData = array();
		$userDatap["id"] = $data['userId'];
		$userDatap["username"] = $data['userName'];
		$userDatap["firstName"] = $data['firstName'];
		$userDatap["lastName"] = $data['lastName'];
		$userDatap["email"] = $data['email'];
		$userDatap["art"] = $data['art'];
		$userDatap["token"] = (string)$token;

		echo( json_encode( $userDatap ) );
		die();
		}else{
			http_response_code(400);
			die();	
		}
	}else{
		http_response_code(400);
		die();
	}
}

?>