<?php

if(!defined("COMMON"))
    require("Common.php");

$js = getJsonizedInput();

// Read login parameters
$first = $js['first'];
$last = $js['last'];
$password = $js["password"];

// Password is hashed
// Compare against hash in database + : (salt)
$DB = get_DB();

$id = NULLKEY;
$rez = 0;
$title = "";
$login = false;
$reason = "Unauthorized";
$active = false;

$clientKey = $js['clientKey'];
if($clientKey == CLIENTPSK) {
    // PSK Matches, authorized application

    $res = $DB->query("SELECT * FROM `UserAccounts` INNER JOIN `auth` ON `UserAccounts`.`PrincipalID` = `auth`.`UUID` WHERE `FirstName` = '$first' AND `LastName` = '$last';");

    if($res->num_rows > 0) {
        $row = $res->fetch_assoc();
        $pwSalt = $row['passwordSalt'];
        $pwHash = $row['passwordHash'];

        if(md5($password.":" . $pwSalt) == $pwHash) {
            // Login Success
            $_SESSION['login'] = "1";
            $id = $row['UUID'];
            $first = $row['FirstName'];
            $last = $row['LastName'];
            $rez = (int)$row['createdAt'];
            $title = $row['UserTitle'];
            $active = $row['active'] == 1;

            $reason = "success";
            $login=true;
        } else {
            $reason = "Invalid Password";
        }
    }
    else {
        $reason = "No such user ($first.$last) found";
    }

}

die(json_encode(
    array(
        "login" => $login,
        "reason" => $reason,
        "type" => "S2CLoginResponse",
        "user" => array(
            "id" => $id,
            "first" => $first,
            "last" => $last,
            "title" => $title,
            "rez" => $rez,
            "active" => $active
        )
    )
));
?>