More improvements to security

Change-Id: Ib864df3b2d36f22a1e070829aabbaa8c1ce7bd4c
diff --git a/main.php b/main.php
index ac913a3..c63556a 100644
--- a/main.php
+++ b/main.php
@@ -59,7 +59,7 @@
 	<body>
 		<div id="outter-container">
 			<div id="inner-container">
-				<a href="./" class="goback">Canvi d'usuari</a><br />
+				<a href="/php/logout.php" class="goback">Tancar sessió</a><br />
 				<h2>Hola <name id="user_name"><?=Security::htmlsafe($user->nom())?></name>,</h2>
 
 				<div class="formulari_contrasenya">
diff --git a/php/change_password.php b/php/change_password.php
index 50eb9c1..17d64bd 100644
--- a/php/change_password.php
+++ b/php/change_password.php
@@ -1,6 +1,9 @@
 <?php
 	require '../credentials.php';
 	require 'utils.php';
+	require (dirname(__FILE__)."/security.php");
+
+	Security::checkIsSignedIn();
 
 	$credentials = new Credentials();
 	$usersdb = $credentials->usersdb;
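Review bot: The result of `Security::checkIsSignedIn()` is not used, so this guard protects the script only if the method itself stops the request (sends the redirect and calls `exit()`) when nobody is signed in. security.php is not part of this diff, so that should be confirmed. The later `UPDATE` reads `$_SESSION['id']`, which also relies on the session having been started by this point, presumably inside security.php. A short comment above the call would record both assumptions, for example `// Starts the session and exits with a redirect when no user is signed in.`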
@@ -11,15 +14,15 @@
 	if ($_POST['password'] != $_POST['confirmation']) {
 		header("Location: /main.php?wrongconfirmation=1");
 		exit();
+	} else if ($_POST['password'] == '') {
+		header("Location: /main.php");
+		exit();
 	} else {
 		// Execute query to change password
 		$spassword = mysqli_real_escape_string($conn, password_hash($_POST["password"], PASSWORD_DEFAULT));
-		$update_password = "UPDATE $usersdb SET password=\"".$spassword."\" WHERE id=".(int)$_POST['userid'];
+		$update_password = "UPDATE $usersdb SET password=\"".$spassword."\" WHERE id=".(int)$_SESSION['id'];
 		if(!$result = query($update_password)) die("<script>window.location.href = '../main.php?errordb=1'</script>");
-		
-		// Sign in
-		$_SESSION["id"] = (int)$_POST['userid'];
-		
+
 		// Go back to main page
 		header("Location: /main.php?successpassword=1");
 		exit();
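Review bot: The update now targets `$_SESSION['id']`, but nothing in the visible lines ties the POST to a form this site rendered, so a cross-site form submitted from a signed-in user's browser could set a new password. Lines 10–13 of the script fall outside the hunk and may already verify a token, so confirm that first. A per-session token compared with `hash_equals()` before the query closes the gap, e.g. `if (!hash_equals($_SESSION['csrf_token'] ?? '', $_POST['csrf_token'] ?? '')) { header("Location: /main.php"); exit(); }` (the key name is constructed for this note). Requiring the current password through `password_verify()` would also limit what an unattended session can do. Separately, the confirmation check uses `!=`, which compares numeric strings by value, so `1e3` and `1000` count as matching; `!==` avoids that.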
diff --git a/php/logout.php b/php/logout.php
new file mode 100644
index 0000000..5d8f14a
--- /dev/null
+++ b/php/logout.php
@@ -0,0 +1,5 @@
+<?php
+	require_once("security.php");
+
+	Security::logout();
+	Security::goHome();
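Review bot: This endpoint ends the session on any request, and main.php links to it with a plain `<a href>`, so a cross-site GET or a link prefetch is enough to sign the user out. Accepting only POST here, `if ($_SERVER['REQUEST_METHOD'] !== 'POST') { Security::goHome(); }`, and turning the link into a small form that carries a session token would prevent that; this assumes `goHome()` ends the request, which is not visible in this diff. The include path is also unanchored here, while change_password.php uses `dirname(__FILE__)`. `require_once __DIR__ . '/security.php';` would make both files load the same security.php regardless of the working directory or include_path.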