@Daltontastic
Last active November 22, 2016 18:31
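<?php
/**
 * Minimal JSON account endpoint. Handles the POST actions "register" and
 * "login" and stores one JSON file per account under accounts/.
 *
 * Request fields (POST): token, action, username, password.
 * Response body: {"error": false} on success, otherwise {"error": <code>}
 * or {"error": [<code>, ...]}.
 *
 * NOTE(review): nothing in this script throttles repeated login attempts;
 * if that is needed it has to be enforced in front of this endpoint.
 */
header("Content-type:application/json;charset=utf-8");
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");

// Read a POST field as a string. A missing field or an array-valued field
// (e.g. "username[]=x") yields "" instead of a notice or a type error.
$readField = function ($name) {
    return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : "";
};

// Account files are named after the username, so only names that passed the
// registration rules (non-empty, at most 15 chars, ASCII alphanumeric) may
// ever be turned into a path. This keeps "../" and similar out of file calls.
$isValidUsername = function ($name) {
    return $name !== "" && strlen($name) <= 15 && ctype_alnum($name);
};

$jsonFlags = JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE;

// NOTE(review): placeholder shared secret embedded in the source. Load the
// real value from deployment configuration rather than committing it.
$expectedToken = "SUPER_SECRET_TOKEN";

// NOTE(review): relative path; if this directory is served by the web
// server, the stored hashes may be directly downloadable. Prefer a location
// outside the document root or deny access to it.
$accountDir = "accounts";

$token = $readField("token");
$action = strtolower($readField("action"));

// hash_equals() compares in constant time, so response timing does not
// reveal how much of a guessed token was correct.
if (hash_equals($expectedToken, $token)) {
    if ($action === "register") {
        $username = strtolower($readField("username"));
        $password = $readField("password");
        $error = array();

        // Compare against "" rather than empty(): empty("0") is true, which
        // wrongly rejected the literal value "0".
        if ($username === "") {
            $error[] = "EMPTY_USERNAME";
        }
        if ($password === "") {
            $error[] = "EMPTY_PASSWORD";
        }
        if ($username !== "") {
            if (strlen($username) > 15) {
                $error[] = "USERNAME_TOOLONG";
            }
            $usernameIsAlnum = ctype_alnum($username);
            if (!$usernameIsAlnum) {
                $error[] = "INVALID_USERNAME";
            }
            // Only probe the filesystem with a name that is safe as a path
            // component; otherwise this check answers "does <any path>.json
            // exist" for the caller.
            if ($usernameIsAlnum && file_exists("$accountDir/$username.json")) {
                $error[] = "USERNAME_TAKEN";
            }
        }

        if (!$error) {
            // Owner-only directory: the account files hold password hashes.
            if (!is_dir($accountDir) && !mkdir($accountDir, 0700, true) && !is_dir($accountDir)) {
                $error[] = "STORAGE_ERROR";
            } else {
                $accountPath = "$accountDir/$username.json";
                $data = json_encode(
                    array("passwordHash" => password_hash($password, PASSWORD_DEFAULT)),
                    $jsonFlags
                );
                // Mode "x" creates the file only if it does not exist yet, so
                // two concurrent registrations cannot overwrite each other
                // between the file_exists() check above and this write.
                $memberFile = fopen($accountPath, "x");
                if ($memberFile === false) {
                    $error[] = file_exists($accountPath) ? "USERNAME_TAKEN" : "STORAGE_ERROR";
                } else {
                    $written = fwrite($memberFile, $data);
                    fclose($memberFile);
                    if ($written === false || $written < strlen($data)) {
                        // Do not leave a truncated account file behind.
                        unlink($accountPath);
                        $error[] = "STORAGE_ERROR";
                    }
                }
            }
        }

        $array = array(
            "error" => $error ? $error : false
        );
    } elseif ($action === "login") {
        $username = strtolower($readField("username"));
        $password = $readField("password");
        $error = array();
        $accountPath = null;
        $passwordHash = null;

        // Build a path only from a validated username, then load the hash.
        if ($isValidUsername($username) && is_file("$accountDir/$username.json")) {
            $accountPath = "$accountDir/$username.json";
            $json = json_decode((string) file_get_contents($accountPath), true);
            if (is_array($json) && isset($json["passwordHash"]) && is_string($json["passwordHash"])) {
                $passwordHash = $json["passwordHash"];
            }
        }

        if ($username === "") {
            $error[] = "EMPTY_USERNAME";
        }
        if ($password === "") {
            $error[] = "EMPTY_PASSWORD";
        }
        if ($username !== "" && $password !== "") {
            // NOTE(review): the two codes below let a caller tell "no such
            // account" from "wrong password". Kept because clients may rely
            // on them; collapse into one code if enumeration matters.
            if ($accountPath === null) {
                $error[] = "NONEXISTANT_USERNAME";
            }
            if ($passwordHash === null || !password_verify($password, $passwordHash)) {
                $error[] = "INVALID_LOGIN";
            }
        }

        if ($error) {
            $array = array(
                "error" => $error
            );
        } else {
            // Upgrade the stored hash only after the password was verified.
            // Doing this on the failure path would replace the stored hash
            // with one derived from an unverified password.
            if (password_needs_rehash($passwordHash, PASSWORD_DEFAULT)) {
                $data = json_encode(
                    array("passwordHash" => password_hash($password, PASSWORD_DEFAULT)),
                    $jsonFlags
                );
                // Best effort: a failed upgrade must not fail the login.
                file_put_contents($accountPath, $data, LOCK_EX);
            }
            $array = array(
                "error" => false
            );
        }
    } else {
        $array = array(
            "error" => "INVALID_ACTION"
        );
    }
} else {
    $array = array(
        "error" => "INVALID_TOKEN"
    );
}
echo json_encode($array, $jsonFlags);
?>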