<?php
defined('APP_DIR') or define('APP_DIR', __DIR__ . '/../app/');
include_once(APP_DIR . 'model/User.php');
include_once(APP_DIR . 'include/http.php');

$data = User::authenticated();
if (!$data || $data->access != 'admin') {
    Http::redirect('index.php');
}

/* TODO: Validate input */
$params = Http::post_params();
$user = new User;
$user->username = $params['username'];
$user->password = password_hash($params['password'], PASSWORD_DEFAULT);
$user->access = $params['access'];
$user->save();

Http::redirect('admin.php');
?>