<?php

require '../include/db.php';

session_start();

$login = strtolower($_POST['login']);
$password = hash("sha256", $_POST['password']);

$q = $pdo->prepare(
    'SELECT * FROM users WHERE login = :login AND password = :password');
$q->execute([
    'login' => $login,
    'password' => $password,
]);

$users = $q->fetchAll();

if (count($users) == 1)
{
    $_SESSION["login"] = $_POST["login"];
    header("Location: /index.php");
}
else {
    $_SESSION["login"] = "";
    header("Location: /index.php?error=201");
}