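-- Login handler: checks the submitted username/password against the `users`
-- table, then issues a 30-day persistent token (row in `user_sessions` plus the
-- `dkauth` cookie) and marks the server-side session as authenticated.
-- Returns a short status string for the page to display.
local db = sqlite("dk")

-- Missing form fields are treated as empty strings so they never reach
-- string.trim or password.verify as nil.
local username = string.trim(ctx.form.username or "")
local supplied_password = ctx.form.password

if username == "" then
  -- Message kept verbatim from the original handler; it is now returned only
  -- for a blank field, so it no longer reveals whether an account exists.
  return "username required and must exist"
end

if supplied_password == nil or supplied_password == "" then
  return "password required"
end

-- A single lookup replaces the earlier exists()+get_one() pair: one query
-- fewer, and no window in which the row could vanish between the two calls.
-- NOTE(review): assumes get_one yields nil when no row matches; confirm.
local user_row = db:get_one(
  "SELECT id, username, password, auth_level FROM users WHERE username = :u",
  { u = username }
)

-- Unknown account and wrong password give the same answer, so the response
-- text cannot be used to enumerate valid usernames.
-- NOTE(review): the unknown-account path skips password.verify, so response
-- time may still differ; consider verifying against a fixed dummy hash here.
if not user_row or user_row.password == nil
  or not password.verify(supplied_password, user_row.password) then
  return "wrong username or password"
end

-- NOTE(review): presumably util.generate_token draws from a CSPRNG; confirm.
local token = util.generate_token()
local expires = os.time() + (30 * 24 * 60 * 60) -- 30 days

-- NOTE(review): the token is stored as-is; storing only a hash of it would
-- keep a database read from yielding usable session tokens.
db:insert("user_sessions", {
  user_id = user_row.id,
  token = token,
  expires = expires,
})

-- NOTE(review): only `expires` is passed. Confirm the framework marks this
-- cookie HttpOnly/Secure/SameSite by default, or pass those options if
-- cookie.set accepts them.
cookie.set("dkauth", token, { expires = expires })

-- NOTE(review): if the session library can rotate the session id, do so before
-- raising privileges, so a pre-login id cannot be reused (session fixation).
session.set("logged_in", true)
session.set("user_id", user_row.id)
session.set("auth_level", user_row.auth_level)

return "Logged in!"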