i finally committed i guess

Signed-off-by: boris <boris@borishub.co.uk>

api/login.php

@@ -0,0 +1,51 @@
+<?php
+/**
+ * Login API endpoint
+ * 
+ * This endpoint handles user authentication and returns a JWT token
+ * if the credentials are valid.
+ */
+
+require_once('../Models/User.php');
+
+// Set content type to JSON
+header('Content-Type: application/json');
+
+// Only allow POST requests
+if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
+    http_response_code(405);
+    echo json_encode(['error' => 'Method not allowed']);
+    exit;
+}
+
+// Get JSON request body
+$json = file_get_contents('php://input');
+$data = json_decode($json, true);
+
+// Validate request data
+if (!$data || !isset($data['username']) || !isset($data['password'])) {
+    http_response_code(400);
+    echo json_encode(['error' => 'Invalid request data']);
+    exit;
+}
+
+// Authenticate user
+$user = new User();
+$token = $user->Authenticate($data['username'], $data['password']);
+
+if ($token) {
+    // Authentication successful
+    echo json_encode([
+        'success' => true,
+        'token' => $token,
+        'user' => [
+            'id' => $user->getUserId(),
+            'username' => $user->getUsername(),
+            'accessLevel' => $user->getAccessLevel()
+        ]
+    ]);
+} else {
+    // Authentication failed
+    http_response_code(401);
+    echo json_encode(['error' => 'Invalid credentials']);
+}