<?php
include '../../function/connect.php';
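session_start();

date_default_timezone_set('Asia/Jakarta');

// Login handler: checks the posted username/password against tb_user and, on
// success, fills the session and redirects to the index page. Failures redirect
// back with a "pesan" code: invalid = malformed request, 7 = bad credentials,
// 6 = account not active.

$username       = $_POST['username'] ?? null;
$password_input = $_POST['password'] ?? null; // raw password: never hash it here

// Reject missing fields and array-valued fields (e.g. "password[]=x"). An array
// would otherwise reach password_verify() and raise a TypeError on PHP 8
// instead of producing a clean redirect.
if (!is_string($username) || !is_string($password_input)) {
    header("Location: ../index.php?pesan=invalid");
    exit();
}

// Look the user up with a prepared statement so the username is always sent as
// data. Unlike escaping, this does not depend on the connection charset being
// configured correctly. mysqli_stmt_get_result() requires the mysqlnd driver.
$data = null;
$stmt = mysqli_prepare($koneksi, "SELECT * FROM tb_user WHERE username = ? LIMIT 1");
if ($stmt) {
    mysqli_stmt_bind_param($stmt, 's', $username);
    if (mysqli_stmt_execute($stmt)) {
        $result = mysqli_stmt_get_result($stmt);
        if ($result) {
            $data = mysqli_fetch_assoc($result);
            mysqli_free_result($result);
        }
    }
    mysqli_stmt_close($stmt);
}

// Unknown user and wrong password share one code (7) so the response does not
// reveal which usernames exist. password_verify() compares the raw input with
// the hash stored in the database.
// NOTE(review): the unknown-user path skips password_verify(), so it answers
// faster than a wrong-password attempt; verifying against a fixed dummy hash on
// that path would even out the timing. No attempt throttling is visible in this
// file either - confirm it is enforced elsewhere.
if (!is_array($data) || !password_verify($password_input, (string) ($data['password'] ?? ''))) {
    header("Location: ../index.php?pesan=7");
    exit();
}

// The account state is disclosed only after the password has been verified.
if (trim((string) ($data['status'] ?? '')) !== 'Active') {
    header("Location: ../index.php?pesan=6"); // account is not active
    exit();
}

// Issue a fresh session ID at the privilege change (guards against session
// fixation), then store the authenticated identity.
session_regenerate_id(true);

$_SESSION['id']        = $data['id'];
$_SESSION['username']  = $data['username'];
$_SESSION['extplayer'] = $data['extplayer'] ?? '';
$_SESSION['level']     = $data['level'];
$_SESSION['status']    = "login";

header("Location: ../index.php");
exit();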
?>