Untitled

<?php
include 'db_connection.php';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $data = json_decode(file_get_contents('php://input'));

    if (isset($data->username) && isset($data->password)) {
        $username = $data->username;
        $password = $data->password;

        // Perform a SQL query to check if the username and password match a record in the database.
        $sql = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
        $result = $connection->query($sql);

        if ($result->num_rows === 1) {
            // User found, return user data as JSON.
            $user = $result->fetch_assoc();
            echo json_encode($user);
        } else {
            // User not found.
            http_response_code(401); // Unauthorized
            echo json_encode(["message" => "Invalid credentials"]);
        }
    } else {
        http_response_code(400); // Bad Request
        echo json_encode(["message" => "Missing username or password"]);
    }
} else {
    http_response_code(405); // Method Not Allowed
    echo json_encode(["message" => "Method not allowed"]);
}

$connection->close();
?>