<?php

checkPasswordFormat($_POST['password']);

checkUsernameFormat($_POST['username']);

$username = hashUsername($_POST['username']);

if (usernameExists($username) !== true)
	output(403, 'Connexion impossible : ce compte n\'existe pas.');

$id = query('select', 'users', ['username' => $username], 'id')[0];

if (checkPassword($id, $_POST['password']) !== true)
	output(403, 'Connexion impossible : clé de passe invalide.');

if (outdatedPasswordHash($id))
	changePassword($id, $_POST['password']);

stopSession();
startSession();

$_SESSION['id'] = $id;
$_SESSION['type'] = query('select', 'users', ['id' => $id], 'type')[0];

setupDisplayUsername($_POST['username']);

redir();