<?php
header('Content-type: application/json');
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    # Gets json from POST
    $json = json_decode(file_get_contents('php://input'), true);

    # Input validation for username y password
    $username = $json["username"];
    $password = $json["password"];
    if(strlen($username) == 0 or strlen($password) == 0){
        header("400 Bad Request", true, 400);
        exit();
    }

    include 'db.php';

    # Select username row
    $sql = "SELECT hash FROM login WHERE username = '".$username."'";
    $result = $conn->query($sql);
    if($result->num_rows){
        $result = $result->fetch_assoc();
        $hash = $result["hash"];
    } else {
        $conn->close();
        header("400 Bad Request", true, 400);
        exit();
    }

    # Verifies password
    if(!password_verify($password, $hash)){
        $conn->close();
        header("400 Bad Request", true, 400);
        exit();
    }

    # Returns 200
    $conn->close();
    header("200 OK", true, 200);
    exit();
    
} else {
    header($_SERVER["SERVER_PROTOCOL"]." 405 Method Not Allowed", true, 405);
    exit();
}
?>