<?php
if (isset($_POST["log_but"])) {

    $errors = array(); // Used to hold any errors.
    $email = filter_var($_POST['log_email'], FILTER_SANITIZE_EMAIL); // sanatizes email to ensure correct format.

    $_SESSION['log_email'] = $email;

    $pass = strip_tags($_POST['log_pass']); 
    $pass = str_replace(' ', '', $pass); 
    $pass = password_hash($pass, PASSWORD_BCRYPT); // Encrypts password


    // Uses a prepared statement to check user login. Prevents SQL Injection using Binding. 
    $stmt = $con->prepare("SELECT username,user_closed FROM users WHERE email = ? AND password = ?");
    $stmt->bind_param("ss", $email, $pass); // "ss" indicates two string parameters
    $stmt->execute();
    $stmt->bind_result($username,$closed);
    $stmt->fetch();
    
    if ($username != null) {
        $_SESSION['username'] = $username;

        if ($closed === 0) { // Reopens account if the account was closed. 
            $stmt = $con->prepare("UPDATE users SET user_closed = '0' WHERE email = ?");
            $stmt->bind_param("s", $email); // Bind parameters for security
            $stmt->execute();
            $stmt->close(); // Close the statement for proper resource management
        }
        
        header("Location: index.php");
        exit();
    } else {
        array_push($errors, "login_error");
    }

    $stmt->close();
}

?>