sd-spreadsheet/www/api/login.php

<?php

include '../../db.php';

@session_start();


//pull auth parameters
$email = isset($_REQUEST['email']) ? $_REQUEST['email'] : null;
$password = isset($_REQUEST['password']) ? $_REQUEST['password'] : null;

//make sure parameters are present
if(!$email || !$password)
{
	http_response_code(400);
	echo 'missing parameters: email or password';
	return;
}

//pull info on user from database
$stmt_file = $dbh->prepare("SELECT id_user, name, password FROM user WHERE email=:email");
$stmt_file->bindValue(':email', $email);
$stmt_file->execute();
$rows = $stmt_file->fetchAll(PDO::FETCH_ASSOC);

//check if user missing
if(!count($rows))
{
	http_response_code(404);
	echo 'user not found';
	return;
}

//validate password entered
if(!password_verify($password, $rows[0]['password']))
{
	http_response_code(403);
	echo 'invalid password';
	return;
}

//set session vars for future calls
$_SESSION['id_user'] = $rows[0]['id_user'];
$_SESSION['name'] = $rows[0]['name'];

//
echo 'OK';


?>