<?php
header('Content-type: application/json');

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    # Gets json from POST
    $json = json_decode(file_get_contents('php://input'), true);

    # Input validation for username y password
    $correo = $json["correo"];
    $password = $json["password"];

    if(strlen($correo) == 0 or strlen($password) == 0){
        http_response_code(400);
        echo json_encode(array("error" => "Correo o password vacio."));

        exit();
    }

    include 'db.php';

    # Select username row
    $sql = "SELECT userid, hash FROM Login WHERE correo = '".$correo."'";
    $result = $conn->query($sql);

    if($result === FALSE){
        http_response_code(500);
        echo json_encode(array("error" => "Error de base de datos 1."));

        $conn->close();
        exit();
    }

    if($result->num_rows){
        # Grabs password hash
        $result = $result->fetch_assoc();
        $hash = $result["hash"];
        $userid = $result["userid"];

    } else {
        http_response_code(401);
        echo json_encode(array("error" => "Correo o password incorrecto."));

        $conn->close();
        exit();
    }

    # Verifies password
    if(!password_verify($password, $hash)){
        $conn->close();

        http_response_code(401);
        echo json_encode(array("error" => "Correo o password incorrecto."));

        exit();
    }

    $token = bin2hex(random_bytes(16));

    # Insert Token
    $sql = "INSERT INTO Token (token, userid) VALUES (\"".$token."\", ".$userid.") ON DUPLICATE KEY UPDATE token = \"".$token."\";";
    if($conn->query($sql) === FALSE){
        http_response_code(500);
        echo json_encode(array("error" => "Error de base de datos 2."));

        $conn->close();
        exit();
    }

    http_response_code(200);
    echo json_encode(array("token" => $token));    

} else {
    header($_SERVER["SERVER_PROTOCOL"]." 405 Method Not Allowed", true, 405);
    exit();
}
?>