<?php
include "classes/db.class.php";
session_start();
// hash password

$password = hash("sha256", $_POST["password"]);
// check if user exists

$res = $db->query("users", "SELECT * FROM users WHERE username = '" . $_POST["username"] . "' AND password = '" . $password . "' AND status = 1");
if ($res->num_rows > 0) {
    $row = $res->fetch_assoc();
    $_SESSION["username"] = $row["username"];
    $_SESSION['user_id'] = $row['record_id'];
    $_SESSION['user_type'] = $row['access_type'];
    $_SESSION['company_id'] = $row['company_id'];
    if (strlen($row['tanks']) < 1 || $row['tanks'] == null) {

        $tanks_res = $db->query('tanks', "SELECT * FROM tanks WHERE company_id = '" . $row['company_id'] . "'");
        $tank = [];
        while ($tanks = $tanks_res->fetch_assoc()) {
            $tank[] = $tanks['record_id'];
        }
        $_SESSION['tanks'] = implode(",", $tank);
    } else {
        $_SESSION['tanks'] = $row['tanks'];
    }

    echo 1;
} else {
    echo "USERNAME OR PASSWORD INCORRECT OR USER ACCOUNT DISABLED";
}