<?php
require '../config.php';
require_once(TEMPLATES_PATH . "/header.php");
session_start();

$conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']);
$query = $conn->prepare("SELECT id, username, password, can_edit_bugs, can_edit_reports 
    FROM users WHERE username=:username");
$query->bindParam(':username', $_POST['username']);
$query->execute();
$result = $query->fetch();

if(password_verify($_POST['password'], $result['password'])) {
    echo 'password verified';
    $_SESSION['user_name'] = $result['username'];
    $_SESSION['user_id'] = $result['id'];
    $_SESSION['user_can_edit_bugs'] = $result['can_edit_bugs'];
    $_SESSION['user_can_edit_reports'] = $result['can_edit_reports'];
} else {
    echo 'wrong password';
}

header("Refresh: 2; URL=$_SERVER[HTTP_REFERER]");

require_once(TEMPLATES_PATH . "/footer.php");
?>