<?php
header("Content-Type: application/json");
include "db.php"; // make sure db.php connects to your MySQL

// Get posted data
$data = json_decode(file_get_contents("php://input"), true);
$username = $data["username"] ?? "";
$password = $data["password"] ?? "";

// Validate
if (!$username || !$password) {
    echo json_encode(["success" => false, "error" => "Missing credentials"]);
    exit;
}

// Check in DB
$stmt = $conn->prepare("SELECT id, username, role, phone FROM users WHERE username=? AND password=?");
$stmt->bind_param("ss", $username, $password);
$stmt->execute();
$result = $stmt->get_result();

if ($row = $result->fetch_assoc()) {
    echo json_encode([
        "success" => true,
        "user" => $row
    ]);
} else {
    echo json_encode(["success" => false, "error" => "Invalid username or password"]);
}