<?php
// (A) START SESSION
session_start();

// (B) PROCESS LOGIN
if (isset($_POST["user"]) && !isset($_SESSION["user"])) {
  // (B1) USERS & PASSWORDS - SET YOUR OWN !
  $users = [
    "joe" => "123456",
    "jon" => "654321",
    "Bruno" => "$2y$10$3yvUbJoB3ZT/H9SdZLxLYuLjFkgbGtlNkfnn2N4IaMvh9gNyZN9d."
  ];
  
  //echo password_hash("tmyqFG*K-tnMccapTXW3", PASSWORD_DEFAULT);


  // (B2) CHECK & VERIFY
  if (password_verify($_POST["password"], $users[$_POST["user"]])) {
  //if (isset($users[$_POST["user"]]) && $users[$_POST["user"]] == $_POST["password"]) {
    $_SESSION["user"] = $_POST["user"];
  }

  // (B3) FAILED LOGIN FLAG
  if (!isset($_SESSION["user"])) { $failed = true; }
}

// (C) REDIRECT TO HOME PAGE IF SIGNED IN - SET YOUR OWN !
if (isset($_SESSION["user"])) {
  $page = 'admin.php';  
  header("Location: $page");
  exit();
}