first pass at login/logout handling

src/webserver/auth/login.php

@@ -0,0 +1,66 @@
+<?php
+    session_start();
+
+    $db_path = realpath(dirname(__FILE__) . '/../config/db.php');
+    require_once($db_path);
+    require_once(realpath(dirname(__FILE__) . '/../header.php'));
+?>
+
+<h1>All Whomst Wander</h1>
+
+<h2>Login</h2>
+
+<?php
+    $errors = [];
+    if (!isset($_SESSION['nickname']) && !isset($_POST['nickname'])) {
+	// display login form
+	loginForm();
+    } else {
+	if (!isset($_POST['nickname']) || trim($_POST['nickname']) === '') {
+	    array_push($errors, "Your username is required to login.");
+	} else {
+	    $login_stmt = $conn->prepare("SELECT * FROM Players p JOIN PlayerAuth pa ON p.id = pa.player_id WHERE p.nickname = :nickname AND p.is_active");
+	    if ($login_stmt) {
+	        $login_stmt->bindValue(':nickname', $_POST['nickname']);
+		$login_result = $login_stmt->execute();
+		if ($login_result) {
+		    $player_record = $login_result->fetchArray();
+		    if ($player_record) {
+			if (!password_verify($_POST['password'], $player_record['hashed_pw'])) {
+			    array_push($errors, "No user found with that username and password.");
+			} else {
+			    $_SESSION['nickname'] = $player_record['nickname'];
+			    $_SESSION['player_id'] = $player_record['id'];
+			}
+		    } else {
+		        array_push($errors, "No user found with that username.");
+		    }
+		}
+	    }
+	} 
+
+	if (sizeof($errors) > 0) {
+	    foreach ($errors as $e) {
+	        echo "<p>" . $e . "</p>\n";
+	    }
+	    echo "<p><a href='register.php'>Register a new account</a>, <a href='forgot_pw.php'>reset your password</a>, or try again.</p>";
+	    loginForm();
+	} else {
+            echo "<p>You are now logged in as <strong>" . $_SESSION['nickname'] . "</strong></p>\n";
+	    echo "<p><a href='/../play/index.php'>Play now</a></p>\n";
+	    echo "<p><a href='logout.php'>Log out</a></p>\n";
+	}
+    }	    
+	    
+    require_once(realpath(dirname(__FILE__) . '/../footer.php'));
+
+    function loginForm() {
+?>
+    <form method="POST" action="login.php" />
+        <p><label for="nickname">Your username: </label><input type="text" name="nickname" id="nickname" /></p>
+        <p><label for="password">Your password: </label><input type="password" name="password" id="password" /></p>
+        <p><input type="submit" value="Log In!" /></p>
+    </form>
+<?php
+    }
+?>

src/webserver/auth/logout.php

@@ -0,0 +1,34 @@
+
+<?php
+// Initialize the session.
+// If you are using session_name("something"), don't forget it now!
+session_start();
+
+// Unset all of the session variables.
+$_SESSION = array();
+
+// If it's desired to kill the session, also delete the session cookie.
+// Note: This will destroy the session, and not just the session data!
+if (ini_get("session.use_cookies")) {
+    $params = session_get_cookie_params();
+    setcookie(session_name(), '', time() - 42000,
+        $params["path"], $params["domain"],
+        $params["secure"], $params["httponly"]
+    );
+}
+
+// Finally, destroy the session.
+session_destroy();
+    
+require_once(realpath(dirname(__FILE__) . '/../header.php'));
+?>
+
+<h1>All Whomst Wander</h1>
+
+<h2>Log Out</h2>
+
+<p>Thanks for playing! You are now logged out. <a href='login.php'>Log In</a></p>
+
+<?php
+    require_once(realpath(dirname(__FILE__) . '/../footer.php'));
+?>

src/webserver/index.php

@@ -0,0 +1,19 @@
+<?php
+    session_start();
+
+    require_once(realpath(dirname(__FILE__) . '/header.php'));
+?>
+
+<h1>All Whomst Wander</h1>
+
+<?php
+    if ($_SESSION && $_SESSION['nickname'] && $_SESSION['nickname'] !== "") {
+        echo "<p>You are logged in as <strong>" . $_SESSION['nickname'] . "</strong>. <a href='auth/logout.php'>Log out</a></p>";
+    } else {
+        echo "<p>You are not logged in. <a href='auth/login.php'>Log in</a></p>";
+    }
+
+    require_once(realpath(dirname(__FILE) . '/footer.php'));
+?>
+
+