<?php
    
    // Allow from any origin
    if (isset($_SERVER['HTTP_ORIGIN'])) {
        // Decide if the origin in $_SERVER['HTTP_ORIGIN'] is one
        // you want to allow, and if so:
        header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
        header('Access-Control-Allow-Credentials: true');
        header('Access-Control-Max-Age: 86400');    // cache for 1 day
    }
    
    // Access-Control headers are received during OPTIONS requests
    if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
        
        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
            // may also be using PUT, PATCH, HEAD etc
            header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
        
        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
            header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
    
        exit(0);
    }
    //$2y$10$yJMyDzprPAyf3rBnClqQ3O3poVb5w8gg2KcmZ10DVbTWSzgXeU.Ju
    //65de59ea345a79fb01174fb34a930d95
    session_start();

    include 'db_connection.php';
    $conn = openCon();
        mysqli_set_charset($conn, "utf8");
        $data = json_decode(file_get_contents("php://input"),true);


        $email =  $data["email"];  //"example@email.email";
        $pass = $data["pass"];   //"hasło135$";

        $q = "SELECT login.id, login.pass, login.salt FROM login WHERE login.email=\"" . $email . "\"";
        $result = mysqli_query($conn, $q) or die("Problemy z odczytem danych!");
        
        $answ;
        while($row = mysqli_fetch_row($result))
            {
                $answ=["id"=>$row[0], "hash"=>$row[1], "salt"=>$row[2]];
            }
        
        function checkPassword($p, $s, $h){
            if(password_verify($p . $s, $h)) return true;
            else return false;
        };
        if(isset($answ["salt"]) && checkPassword($pass, $answ["salt"], $answ["hash"])){
            $_SESSION["id"] = $answ["id"];
            echo json_encode(true);
        }
        else {
            $_SESSION["id"] = null;
            echo json_encode(false);
        }
    closeCon($conn);
?>