<?php

require_once 'db.php';

function check_auth() {
  if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="My Realm"');
    header('HTTP/1.0 401 Unauthorized');
    die("You hit cancel");
  }
  $db = get_db();
  $authStmt = $db->prepare('select count(*) as count, username from users where username = :username AND password = :password;');
  $authStmt->bindValue(':username', $_SERVER['PHP_AUTH_USER']);
  $authStmt->bindValue(':password', $_SERVER['PHP_AUTH_PW']);
  $result = $authStmt->execute();
  if ($result->fetchArray()[0] != 1) {
    unauthorized_die();
  }
  return $_SERVER['PHP_AUTH_USER'];
}

function unauthorized_die() {
  header('Location: unauthorized.php');
  die('Unauthorized');
}