<?php
include("config.php");
if (isset($_POST['POST_login'])) {
    global $conn;
    $u_username = trim(strip_tags(htmlspecialchars($_POST['username'])));
    $u_password = trim(strip_tags(htmlspecialchars($_POST['password'])));
    $h_password = hash('sha256', $u_password);
 
    $query = "SELECT * FROM `users` WHERE `username` = '".$u_username."'";
    $result = $conn->query($query);
 
    if ($result->num_rows > 0) {
        while($row = $result->fetch_assoc()) {
            if ($h_password != $row['password']) {
                echo "[wrong_pass]";
            } else {
                echo "[ok]";
            }
        }
    } else {
        echo "[incorrect]";
    }   
} else {
    echo "[no_perm]";
}