<?php
include "classes/autoload.php";

// hash password

$password = hash("sha256", $_POST["password"]);
// check if user exists

$res = $db->query("users","SELECT * FROM users WHERE username = '" . $_POST["username"] . "' AND password = '" . $password . "'");
if ($res->num_rows > 0) {
    $row = $res->fetch_assoc();
    $_SESSION["username"] = $row["username"];
    $_SESSION['user_id'] = $row['record_id'];
    $_SESSION['user_type'] = $row['type'];
    echo 1;
}else{
    echo "USERNAME OR PASSWORD INCORRECT";
}