<?php
session_start();
include 'classes/db.class.php';
$db = new db();
$username = htmlspecialchars($_POST['username'], ENT_QUOTES, 'UTF-8');
$password = hash('sha256', htmlspecialchars($_POST['password'], ENT_QUOTES, 'UTF-8'));
$res = $db->query("SELECT * FROM `users` WHERE `username` = '$username' AND `password` = '$password'");
if ($res->num_rows == 0) {
    echo 0;
} else {
    $user_data = $res->fetch_assoc();
    $_SESSION['user_id'] = $user_data['record_id'];
    $_SESSION['username'] = $user_data['username'];
    $_SESSION['email'] = $user_data['email'];

    // user login
    $db->user_log("LOGIN");
    echo 1;
}