<?php
session_start();
require_once "conexion-bd.php";

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $email = $conn->real_escape_string($_POST['email']);
    $password = $_POST['password'];

    $sql = "SELECT * FROM vendedores WHERE email = '$email' LIMIT 1";
    $result = $conn->query($sql);

    if ($result && $result->num_rows === 1) {
        $usuario = $result->fetch_assoc();

        if ($password === $usuario['password']) {
            $_SESSION['vendedor_id'] = $usuario['id'];
            $_SESSION['vendedor_nombre'] = $usuario['nombre'];
            header("Location: ../inicio.html");
            exit();
        } else {
            header("Location: main.html?error=" . urlencode("Credenciales incorrectas."));
            exit();
        }
    } else {
        header("Location: login.html?error=" . urlencode("Usuario no encontrado."));
        exit();
    }
}
?>