user create and login

user.php

 
 function hash_password($password)
 {
-  return md5($password);
+  return sha1($password);
 }
 
 function user_create()
     error(409, "Username already exists");
   database_exec("INSERT INTO users (`username`, `password`) ".
     "VALUES(:username, :password)", array(":username" => $username,
-    ":password" => hash_password($password)));
+      ":password" => hash_password($password)));
   user_login($username);
 }
 
-function user_login($username = false )
+function user_login($username = false)
 {
+  $args = null;
+  $query = "SELECT `id` FROM users WHERE `username` = :username";
   if ($username === false)
   {
     $username = get_post("username");
-    $password = get_post("password");
+    $args = array(":username" => $username,
+      ":password" => hash_password(get_post("password")));
+    $query = $query . " AND `password` = :password";
   }
+  else
+    $args = array(":username" => $username);
+  $u = database_exec($query, $args)->fetch();
+  if ($u === false)
+    error(401, "Wrong username or password");
+  $token = hash_password(uniqid(mt_rand(), true));
+  database_exec("INSERT INTO tokens (`token`, `user`) VALUES (:token, :user)",
+    array(":token" => $token, ":user" => $u['id']));
+  echo json_encode(array("username" => $username, "id" => $u["id"],
+    "token" => $token));
 }
 ?>