<?php 
session_start();

header("Content-Type: text/xml");
header("Cache-Control: no-cache, must-revalidate");
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");

require_once('check_user.php');

echo "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n";
echo "<root>\n";

if (isset($_POST['login']))
{
  if(check_user($_POST['username'], $_POST['password']))
  {
    $_SESSION['logged_in'] = true;
    $_SESSION['username'] = $_POST['username'];
  }
  else
  {
    echo '<error string="'.'Ihre Anmeldedaten waren nicht korrekt!'.'" />'."\n";
  }
}
else if (isset($_POST['logout']))
{
  session_destroy();
  $_SESSION['logged_in'] = false;
}

if (isset($_SESSION['logged_in']) && $_SESSION['logged_in']) 
{
  echo '<status code="'.'logged_in'.'" />'."\n";
  echo '<username name="'.$_SESSION['username'].'" />'."\n";
}
else
{
  echo '<status code="'.'logged_out'.'" />'."\n";
}
echo "</root>";