<?php
  // attach to session
  session_start();

  // verify that parameters exist
  if (empty($_POST['userid']) || empty($_POST['password']) ) {
    $_SESSION['message'] = "Please login";
    require('login.php');
    return;
  }

  $userid = $_POST['userid'];
  $password = $_POST['password'];

  $db = new SQLite3('user.db');

  // look for user in database
  $query = "SELECT userid, password FROM user WHERE userid='" . $userid . "'";
  $result = $db->query($query);
  /* START: EDITED CODE 12/11/2020 */
  if ($result) {
     $row = $result->fetchArray(SQLITE3_ASSOC);
     if ($row['userid'] != $userid) {
         // userid not in database
    	 $_SESSION['message'] = "Please register";
    	 $db->close();
    	 require('register.php');
	 exit;
     }
  /* END: EDITED CODE 12/11/2020 */
     $hash = $row['password'];

     // validate password
     $valid = password_verify($password, $hash);
     if ($valid) {
      	$_SESSION['userid'] = $userid;
	$_SESSION['logged_in'] = TRUE;
        $_SESSION['message'] = $_SESSION['userid'] . " logged in";
	$db->close();
        require('index.php');
     } else {
         // invalid password
     	  unset($_SESSION['userid']);
      	  unset($_SESSION['logged_in']);
          $_SESSION['message'] = "Invalid credentials - please try again";
	  $db->close();
          require('login.php');
     }
  } else {
    // userid not in database
    $_SESSION['message'] = "Please register";
    $db->close();
    require('register.php');
  }

?>