<?php
	echo "Going to connect...<br>";

	require_once 'db_login.php';

	// Connect to server
	$db_server = mysqli_connect($db_hostname, $db_username, $db_password, $db_database);
	if (!$db_server) {
		die("Unable to connect to MySQL server " . $db_hostname);
	} else {
		echo "Connected to MySQL server " . $db_hostname . "<br>";
	}

	// typically you'll want to create a form to enter the username and password
	$username  = "Hwang";
	$password = "mysecretpassword";
	
	// encrypt the password
	$salt1 = "qm&h*";
	$salt2 = "pg!@";
	$encrypted = hash('ripemd128', "$salt1$password$salt2");	// use the ripemd128 encryption algorithm
	
	// search username in database
	$query = "SELECT * FROM Users WHERE Username='$username'";
	$result = mysqli_query($db_server, $query);		// execute the sql command
	if (!$result) {
		die ("Error executing sql command");
	} else {
		// There should only be one record since the username is unique
		$record = mysqli_fetch_row($result);	// get first record.
		if ($encrypted == $record[1]) {
			echo "Hi $record[0], you are now logged in";
			session_start();
			$_SESSION['loggedin'] = "true";
			$_SESSION['username'] = $username;
		} else {
			echo "Invalid username/password";
		}
	}
?>