<?php
header('Content-Type: application/json');
include 'Database.php';
session_start();

$data = $_POST;
if (empty($data['username']) || empty($data['password'])) {
    echo json_encode(["status"=>"error","message"=>"Username & password dibutuhkan"]);
    exit;
}

$username = trim($data['username']);
$password = $data['password'];

$stmt = $conn->prepare("SELECT id, password FROM users WHERE username = ?");
$stmt->bind_param("s", $username);
$stmt->execute();
$stmt->bind_result($id, $hash);
if ($stmt->fetch()) {
    if (password_verify($password, $hash)) {
        session_regenerate_id(true);
        $_SESSION['user_id'] = $id;
        $_SESSION['username'] = $username;
        echo json_encode(["status"=>"success","message"=>"Login berhasil"]);
    } else {
        echo json_encode(["status"=>"error","message"=>"Password salah"]);
    }
} else {
    echo json_encode(["status"=>"error","message"=>"User tidak ditemukan"]);
}
$stmt->close();
$conn->close();
?>