$username = $_POST['username'];
$password = $_POST['password'];
if (!$_POST['username']) {
$loginError = true;
$usernameErrorMessage = "<p class=\"text-danger\">Please enter your username</p>";
}
if (!$_POST['password']) {
$loginError = true;
$passwordErrorMessage = "<p class=\"text-danger\">Please enter your password</p>";
}
// Authenticate user credentials
if ($_POST['username'] && $_POST['password']) {
include 'models/memberModel.php';
$memberModel = new memberModel();
//$result = $memberModel->getByUsernameAndPassword($username, $password); // will get password + salt
$result = $memberModel->getPasswordSaltAccountType($username);
$row = pg_fetch_row($result);
// [0] contains password, [1] contains salt, [2] contains account type
$desiredPassword = $row[0];
$salt = $row[1];
$accountType = $row[2];
$userPassword = crypt($password, $salt);
// hash given password with salt
if ($userPassword == $desiredPassword) {
$_SESSION['loggedin'] = true;
$_SESSION['username'] = $username;
$_SESSION['usertype'] = $accountType;
//TODO remove magic number
} else {
$loginError = true;
$loginResultMessage = "<p class=\"text-danger\">Incorrect Username/Password</p>";
