<?php
session_start();
header('Content-Type: application/json');
include 'Connection.php';

$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';

if (empty($username) || empty($password)) {
    echo json_encode(["status" => "error", "message" => "Username dan password wajib diisi"]);
    exit;
}

$stmt = $conn->prepare("SELECT password FROM users WHERE username = ?");
$stmt->bind_param("s", $username);
$stmt->execute();
$stmt->store_result();

if ($stmt->num_rows === 0) {
    echo json_encode(["status" => "error", "message" => "Username tidak ditemukan"]);
    $stmt->close();
    $conn->close();
    exit;
}

$stmt->bind_result($hashedPassword);
$stmt->fetch();

if (password_verify($password, $hashedPassword)) {
    $_SESSION['username'] = $username;
    echo json_encode(["status" => "success", "message" => "Login berhasil"]);
} else {
    echo json_encode(["status" => "error", "message" => "Password salah"]);
}

$stmt->close();
$conn->close();
?>