<?php
error_reporting(-1);

if (isset($_POST['submit'])) {
	
	include('config.php');
	$link = mysqli_connect($db['host'], $db['user'], $db['pass'], $db['name']);

	$login = mysqli_real_escape_string($link, $_POST['username']);
	$password = trim(md5($_POST['password']));
	
	$query = "SELECT user_id, user_login, user_password FROM users WHERE user_login = '" . $login . "' LIMIT 1";

	$queryResult = mysqli_query($link, $query) or die(mysqli_error($link));
	$dbData = mysqli_fetch_assoc($queryResult);

	$validHash = $dbData['user_password'];

	if (($dbData == NULL) or ($validHash != $password)) {
		echo "Неправильное имя пользователя или пароль";
	} else {
		session_start();
		$_SESSION['user_login'] = $dbData['user_login'];
		$_SESSION['user_id'] = $dbData['user_id'];
		header('Location: /index.php');
	}

}

include ('login.html');

?>