<?php
session_start();
if ((empty($_SESSION['check_word'])) || (empty($_POST['captcha']))) {
    die("請填寫驗證碼");    
}else{
    if ($_SESSION['check_word'] != $_POST['captcha']) {
        die("驗證碼錯誤，請重新輸入");
    }
}

/*$DATABASE_HOST = '10.1.1.202:8080';
$DATABASE_USER = 'maabim';
$DATABASE_PASS = 'maabim001';
$DATABASE_NAME = 'phplogin';*/
$hostname = "GMGIS\SQLEXPRESS"; //test server 201
$username = 'BIMuser';
$password = 'Component3444';
$db_name = 'BIMComponents';


try {
    $pdo = new PDO('sqlsrv:Server='.$hostname.';Database='.$db_name,$username,$password);
    $pdo->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
    echo $e;
    echo json_encode('Error connecting to the server.');
    die ();
}
$sth = $pdo->prepare("SELECT * FROM [BIMComponents].[dbo].[User_Account] WHERE [account] = ?;");
$sth->execute(array($_POST['username']));

if (!isset($_POST['username'], $_POST['password'])) {
    exit('Please fill both the username and password fields!');
}
$i = 0;

$query = $sth->fetchAll();
foreach ($query as $row){
    $i++;
    if (md5($_POST['password']) == $row["userPassword"]) {
        session_regenerate_id();
        $_SESSION['loggedin'] = TRUE;
        $_SESSION['name'] = $row["account"];
        $_SESSION['id'] = $row["userID"];
        $_SESSION['check_word'] = '';
        echo 'success';
    } else {
        echo '密碼錯誤，請重新輸入';
    }
}
if ($i == 0) {
    echo '帳號不存在，請再次檢查';
}

$sth = null;
$pdo = null;