<?php
require_once "database.php";

/* if ($_POST['email'] == "" || $_POST['password'] == "" ) {
	exit('Please fill both the username and password fields!');
} */

if ($stmt = $con->prepare('SELECT id, password, name, surname, office, role, gender FROM users WHERE email = ? AND enable = 1')) {
    $stmt->bind_param('s', $_POST['email']);
    $stmt->execute();
    $stmt->store_result();

    if ($stmt->num_rows > 0) {
        $stmt->bind_result($id, $password, $name, $surname, $office, $role, $gender);
        $stmt->fetch();

        if (password_verify($_POST['password'], $password)) {
            session_regenerate_id();
            $_SESSION['loggedin'] = TRUE;
            $_SESSION['name'] = $name;
            $_SESSION['surname'] = $surname;
            $_SESSION['username'] = $name . " " . $surname;
            $_SESSION['id'] = $id;
            $_SESSION['office']       = $office;
            $_SESSION['role']         = $role;
            $_SESSION['email']        = $_POST['email'];
            $_SESSION['gender']       = $gender;

            /* header('Location: ../index.php?login=true'); */
            echo "ok";
        } else {
            /* header('Location: ../login.php?error=true'); */
            echo "error";
        }
    } else {
        /* header('Location: ../login.php?error=true'); */
        echo "error";
    }

    $stmt->close();
}