<?php
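// Start (or resume) the session; the login flow stores its flash message and auth state in $_SESSION.
session_start();
// The database connection is mandatory for this script. `require` stops execution if the
// file cannot be loaded, whereas `include` would only warn and continue without a connection.
// NOTE(review): dbcon.php is expected to define $con, which the login code relies on (confirm).
require('admin/config/dbcon.php');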

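/*
 * Login handler: validates the posted credentials against the `users` table,
 * establishes the authenticated session and redirects according to the user's role.
 * Any request that is not a login form submission is bounced back to login.php.
 */
if (isset($_POST['login_btn'])) {

    // Take the credentials as raw strings. The password must NOT be SQL-escaped:
    // escaping alters passwords containing quotes or backslashes before they reach
    // password_verify(), so valid logins fail. The email is bound as a statement
    // parameter below, so it needs no escaping either.
    $email = isset($_POST['email']) ? $_POST['email'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';

    // Reject missing or non-string fields (e.g. email[]=x) before touching the database.
    if (!is_string($email) || !is_string($password) || $email === '' || $password === '') {
        $_SESSION['message'] = "Invalid Email or Password";
        header("Location: login.php");
        exit(0);
    }

    // NOTE(review): reCAPTCHA verification is currently disabled in this handler, and no
    // throttling of failed logins is visible in this file. The previously commented-out
    // verification code embedded the reCAPTCHA secret key in source; treat that key as
    // exposed, rotate it, and load the replacement from configuration kept outside the
    // repository and web root if verification is re-enabled.

    // Look the user up with a prepared statement so the email can never alter the query.
    $user_row = null;
    $login_stmt = mysqli_prepare(
        $con,
        "SELECT id, fname, lname, email, role_as, password FROM users WHERE email = ? LIMIT 1"
    );
    if ($login_stmt !== false) {
        mysqli_stmt_bind_param($login_stmt, 's', $email);
        if (mysqli_stmt_execute($login_stmt)) {
            $login_result = mysqli_stmt_get_result($login_stmt);
            if ($login_result !== false) {
                $user_row = mysqli_fetch_assoc($login_result);
                mysqli_free_result($login_result);
            }
        } else {
            // Record the failure server-side without echoing database details to the client.
            error_log('login: user lookup query failed to execute');
        }
        mysqli_stmt_close($login_stmt);
    } else {
        error_log('login: user lookup query could not be prepared');
    }

    // Unknown email and wrong password produce the same message, so the response
    // does not reveal which addresses have accounts.
    $fetch_password = is_array($user_row) ? (string) $user_row['password'] : '';
    if (!is_array($user_row) || !password_verify($password, $fetch_password)) {
        $_SESSION['message'] = "Invalid Email or Password";
        header("Location: login.php");
        exit(0);
    }

    // Prepared-statement results may carry native ints where mysqli_query() returned
    // strings by default; cast so the session keeps string values for other pages.
    $user_id = (string) $user_row['id'];
    $user_name = $user_row['fname'] . ' ' . $user_row['lname'];
    $user_email = $user_row['email'];
    $role_as = (string) $user_row['role_as'];

    // Issue a fresh session id at the privilege change so an id set before login
    // (session fixation) is not carried into the authenticated session.
    session_regenerate_id(true);

    $_SESSION['auth'] = true;
    $_SESSION['auth_role'] = $role_as; // 1 = admin, 0 = user, 2 = super admin
    $_SESSION['auth_user'] = [
        'user_id' => $user_id,
        'user_name' => $user_name,
        'user_email' => $user_email,
    ];

    if ($role_as === '1') {
        // Admin
        $_SESSION['message'] = "Welcome to Dashboard";
        header("Location: admin/index.php");
        exit(0);
    } elseif ($role_as === '2') {
        // Super admin: redirect the top-level window via script rather than a Location header.
        $_SESSION['message'] = "Welcome to Dashboard";
        echo "<script>window.top.location='admin/index.php';</script>";
        exit(0);
    } else {
        // Regular user ('0') and any unrecognised role value land on the public index.
        $_SESSION['message'] = "You are logged In";
        header("Location: index.php");
        exit(0);
    }
} else {
    // Direct access without submitting the login form.
    $_SESSION['message'] = "You are not allowed to access this file";
    header("Location: login.php");
    exit(0);
}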