Password working
diff --git a/ajax/getusers.php b/ajax/getusers.php
index cb8520d..4973cf7 100644
--- a/ajax/getusers.php
+++ b/ajax/getusers.php
@@ -1,5 +1,11 @@
+<option>Selecciona usuari...</option>
+
<?php
require '../php/utils.php';
+
$users = get_users(0);
- foreach ($users as $user) echo "<option value='".$user->id."'>".$user->nomcomplet."</option>\n";
+ foreach ($users as $user) {
+ $nopassword = $user->md5password == "" ? "nopassword" : "";
+ echo "<option class='".$nopassword."' value='".$user->id."'>".$user->nomcomplet."</option>\n";
+ }
?>
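Review bot: The new `class='nopassword'` on each `<option>` tells every visitor of the login page which accounts currently have no password, and `$user->nomcomplet` is still written into the markup unescaped on the same line. If the marker is only there to toggle the password field, consider leaving that decision to the server at login time instead of publishing it per account. For the echo, `htmlspecialchars($user->nomcomplet, ENT_QUOTES)` keeps a name that contains markup from being rendered. No access check is visible in this file, so this assumes `utils.php` does not add one on include.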
diff --git a/ajax/userinfo.php b/ajax/userinfo.php
index 686287d..6a36742 100644
--- a/ajax/userinfo.php
+++ b/ajax/userinfo.php
@@ -2,12 +2,14 @@
require '../php/utils.php';
$user = get_users($_POST['id']);
+ $text_columns = ["nomcomplet", "md5password"];
+
echo '{ ';
$first = true;
foreach ($user as $prop => $value) {
if (!$first) echo ', ';
else $first = false;
- if ($prop == "nomcomplet") echo '"'.$prop.'": "'.$value.'"';
+ if (in_array($prop, $text_columns)) echo '"'.$prop.'": "'.$value.'"';
else echo '"'.$prop.'": '.$value;
}
echo ' }';
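Review bot: Adding `md5password` to `$text_columns` makes this endpoint return the stored password hash for whatever `id` is posted, and no check of the caller is visible in the hunk. The page only appears to need to know whether a password is set, so skip the property in the loop and emit a boolean flag instead of the hash. The hand-built JSON also breaks as soon as `nomcomplet` contains a double quote; building an array and printing it with `json_encode()` would handle the escaping. The file starts above this hunk, so an earlier check cannot be ruled out.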
diff --git a/css/basic.css b/css/basic.css
index 4a80ca8..db745c4 100644
--- a/css/basic.css
+++ b/css/basic.css
@@ -17,4 +17,8 @@
#inner-container {
background-color: rgba(255,255,255, 0.8);
padding: 5%;
-}
\ No newline at end of file
+}
+
+.hidden {
+ display: none;
+}
diff --git a/index.php b/index.php
index d5ff246..6c1f7c7 100644
--- a/index.php
+++ b/index.php
@@ -16,6 +16,7 @@
<select name="user" id="list">
</select>
+ <input disabled required placeholder="Clau d'accés..." id="password" type="password" name="password"/>
<input type="submit" value="Entrar" />
</form>
</div>
@@ -25,6 +26,11 @@
$.post("./ajax/getusers.php", function(data, status){
$("#list").html(data);
});
+
+ $('select').on('change', function() {
+ let nopassword = $('select option:selected').hasClass('nopassword');
+ $('#password').prop('disabled', nopassword);
+ });
</script>
</body>
</html>
diff --git a/js/utils.js b/js/utils.js
index 4795075..b4795ce 100644
--- a/js/utils.js
+++ b/js/utils.js
@@ -46,6 +46,7 @@
$.ajax({
url: "./ajax/userinfo.php",
data: { id: user.id },
+ dataType: 'text',
type: 'POST',
success: function(response, status, xhr) {
let info = JSON.parse(response);
diff --git a/main.php b/main.php
index aa6d102..8c15ac3 100644
--- a/main.php
+++ b/main.php
@@ -43,8 +43,18 @@
<div id="outter-container">
<div id="inner-container">
<h2>Hola <name id="user_name"><?=$user->nom()?></name>,</h2>
+
+ <div class="formulari_contrasenya <?=$user->md5password=="" ? 'show' : 'hidden'?>">
+ <p>Sembla que no tens contrasenya, la gent podrà entrar a la teva compta...</p>
+ <form action="./php/change_password.php" method="POST">
+ <input type="hidden" value="<?=$_COOKIE['user']?>" name="userid">
+ <input type="password" placeholder="Nova contrasenya..." name="password" /><br />
+ <input type="password" placeholder="Repeteix la contrasenya" name="confirmation"/><br />
+ <input type="submit">
+ </form>
+ </div>
+
<h3>La teva víctima és:</h3>
- <div id="state">0</div>
<div class="victima">
<img width="300px" src="./imgs/<?=$victim->id?>.png" />
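Review bot: `<?=$_COOKIE['user']?>` in the hidden `userid` input writes a client-controlled cookie into an attribute without escaping, and it turns the account whose password gets changed into a form field the browser can alter. At minimum escape it with `<?=htmlspecialchars($_COOKIE['user'], ENT_QUOTES)?>`; better, drop the field and have `php/change_password.php` take the id from login state it has verified itself. The surrounding markup starts and ends outside this hunk.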
diff --git a/php/change_password.php b/php/change_password.php
new file mode 100644
index 0000000..ce157f7
--- /dev/null
+++ b/php/change_password.php
@@ -0,0 +1,19 @@
+<?php
+ require 'utils.php';
+
+ // Check if confirmation is the same
+ if ($_POST['password'] != $_POST['confirmation']) {
+ header("Location: ../main.php?wrong_password=1");
+ die();
+ } else {
+ // Execute query to change password
+ $update_password = "UPDATE users SET password=\"".md5($_POST['password'])."\" WHERE id=".$_POST['userid'];
+ if(!$result = query($update_password)) header("Location: ../main.php?errordb=1");
+
+ // Save 'password' to cookies
+ setcookie('password', md5($_POST['password']), time() + (86400 * 10), "/");
+
+ // Go back to main page
+ header("Location: ../main.php?successpassword=1");
+ }
+?>
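Review bot: `$_POST['userid']` is concatenated directly into the `UPDATE` statement and nothing checks that the requester owns that account, so the script sets a password for whatever id it receives and the id can carry SQL of its own. The same unescaped concatenation appears in `php/login.php` (`$query_password`) and in `get_users()` in `php/utils.php`. The error branch has no `die()`, so a failed query still falls through to the cookie and the `successpassword=1` redirect. Unsalted `md5()` is not a suitable password hash; `password_hash()`/`password_verify()` is the replacement, but it needs a matching change in `login.php` and is left out of the excerpt below. The cookie written here holds the hash, while `login.php` applies `md5()` to the cookie value again, so the two look inconsistent.

```php
// … unchanged: require 'utils.php' and the confirmation check …
    } else {
        // Force the id to an integer before it reaches the SQL text, as php/request.php does
        $userid = (int)$_POST['userid'];
        // TODO(review): compare $userid with the verified login before updating
        $update_password = "UPDATE users SET password=\"".md5($_POST['password'])."\" WHERE id=".$userid;
        if (!$result = query($update_password)) {
            header("Location: ../main.php?errordb=1");
            die(); // stop so the success redirect below cannot replace the error one
        }
        // … unchanged: password cookie and success redirect …
```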
diff --git a/php/login.php b/php/login.php
index 851f412..3ebd0c5 100644
--- a/php/login.php
+++ b/php/login.php
@@ -2,14 +2,34 @@
require 'utils.php';
// Set the 'user' POST and COOKIE variable
- if (isset($_POST['user'])) {
- setcookie('user', $_POST['user'], time() + (86400 * 10), "/");
- } else if (isset($_COOKIE['user']) && !isset($_POST['user'])) {
- $_POST['user'] = $_COOKIE['user'];
- } else if (!isset($_COOKIE['user']) && !isset($_POST['user'])) {
- header("Location: ./index.php");
+ $user = '';
+ if (isset($_POST['user'])) $user = $_POST['user'];
+ else if (isset($_COOKIE['user'])) $user = $_COOKIE['user'];
+ else {
+ header("Location: ../index.php");
die();
}
+ // Check if password is correct
+ $query_password = "SELECT password FROM users WHERE id=".$user;
+ $real_password = query($query_password)->fetch_row()[0];
+
+ // Prioritize input rather than memory
+ $password = '';
+ if (isset($_POST['password'])) $password = $_POST['password'];
+ else if (isset($_COOKIE['password'])) $password = $_COOKIE['password'];
+
+ // Redirect if wrong
+ if ($real_password != "" && $real_password != md5($password)) {
+ header("Location: ../index.php?wrongpassword=1");
+ die();
+ }
+
+ // Save variables as cookies
+ setcookie('user', $user, time() + (86400 * 10), "/");
+ if ($real_password != "") setcookie('password', $password, time() + (86400 * 10), "/");
+ else setcookie('password', '', -1, "/");
+
+ // Success, proceed to main page
header("Location: ../main.php");
?>
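Review bot: `setcookie('password', $password, …)` keeps the user's plaintext password in a 10-day cookie with no `httponly` or `secure` flag, and later requests re-authenticate by hashing that cookie. A server-side session (`session_start()` plus a `$_SESSION` entry set after the check) would avoid storing the password in the browser at all. `$real_password != md5($password)` is a loose comparison, which PHP evaluates numerically when both strings look like numbers; `!hash_equals($real_password, md5($password))` compares them byte for byte. `query($query_password)->fetch_row()[0]` also assumes a row came back: for an unknown id it yields null, which the `!= ""` test treats like an account with no password.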
diff --git a/php/request.php b/php/request.php
index f010b36..aca3540 100644
--- a/php/request.php
+++ b/php/request.php
@@ -1,33 +1,20 @@
<?php
- // Define MySQL login variables
- $servername = "localhost"; // "andreuhuguet78654.ipagemysql.com";
- $username = "root"; // "andreu";
- $password = ""; // "1234";
- $dbname = "pastanaga"; // "fme_2019";
+ require 'utils.php';
- // Create connection
- $conn = new mysqli($servername, $username, $password, $dbname);
- if ($conn->connect_error) die("Connection failed: " . $conn->connect_error);
- $conn->set_charset("utf8");
-
// Do the query
$queries = [""];
-
$victimid = "ANY (SELECT quimata FROM users WHERE id=".(int)$_POST['user_id'].")";
- if ($_POST['msg'] == "REQ KILL") $queries = ["UPDATE users SET requested=1 WHERE id=".$victimid]; // request kill
- if ($_POST['msg'] == "REQ DEAD") $queries = ["UPDATE users SET requested=2 WHERE quimata=".(int)$_POST['user_id']]; // request dead
- if ($_POST['msg'] == "DENY REQ") $queries = ["UPDATE users SET requested=0 WHERE id=".(int)$_POST['user_id']]; // deny request
+ if ($_POST['msg'] == "REQ KILL") $queries = ["UPDATE users SET requested=1 WHERE id=".$victimid]; // request kill
+ if ($_POST['msg'] == "REQ DEAD") $queries = ["UPDATE users SET requested=2 WHERE quimata=".(int)$_POST['user_id']]; // request dead
+ if ($_POST['msg'] == "DENY REQ") $queries = ["UPDATE users SET requested=0 WHERE id=".(int)$_POST['user_id']]; // deny request
if ($_POST['msg'] == "CONF DEAD") {
- $queries = ["UPDATE users SET requested=0, quimata=".(int)$_POST['user_quimata']." WHERE quimata=".(int)$_POST['user_id'], // assign new victim to killer
- "UPDATE users SET quimata=0, mort=1 WHERE id=".(int)$_POST['user_id']]; // confirm victim dead/killed
+ $queries = ["UPDATE users SET requested=0, quimata=".(int)$_POST['user_quimata']." WHERE quimata=".(int)$_POST['user_id'], // assign new victim to killer
+ "UPDATE users SET quimata=0, mort=1 WHERE id=".(int)$_POST['user_id']]; // confirm victim dead/killed
}
// Fetch the information of the user
foreach ($queries as $query) {
- if ($query != "" and $result = $conn->query($query)) echo $query;
+ if ($query != "" and $result = query($query)) echo $query;
else die("Wrong query: " . $query);
}
-
- // Close connection
- $conn->close();
?>
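Review bot: Both branches of the loop send the SQL text to the client, `echo $query` on success and `die("Wrong query: " . $query)` on failure, which exposes table and column names to anyone calling this endpoint. A fixed status such as `echo "OK";` and a generic error message, with the statement written to the server log through `error_log($query)`, would keep that internal. The script also acts on `$_POST['user_id']` with no visible check that the caller is that user; this assumes `utils.php` does not perform one on include.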
diff --git a/php/utils.php b/php/utils.php
index fd8d731..084c41c 100644
--- a/php/utils.php
+++ b/php/utils.php
@@ -12,9 +12,7 @@
}
}
- function get_users($id = 0) {
- $users = [];
-
+ function query($query) {
// Define MySQL login variables
$servername = "localhost"; // "andreuhuguet78654.ipagemysql.com";
$username = "root"; // "andreu";
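Review bot: The new `query()` helper keeps its connection settings inline and connects as `root`, so every request that reaches the database runs with full server privileges. A dedicated account restricted to the `users` table, with its credentials read from configuration kept outside the repository, would limit what a faulty or injected statement can reach. The commented-out alternative host and user name on the same lines are better removed from source. The function body continues past the end of this hunk.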
@@ -26,12 +24,25 @@
if ($conn->connect_error) die("Connection failed: " . $conn->connect_error);
$conn->set_charset("utf8");
- // Do the query
+ // Execute query and save result
+ $result = $conn->query($query);
+
+ // Close the connection
+ $conn->close();
+
+ // Return result of query
+ return $result;
+ }
+
+ function get_users($id = 0) {
+ $users = [];
+
+ // Prepare the query
$query = "SELECT * FROM users";
if ($id > 0) $query .= " WHERE id=".$id;
// Fetch the information of the user
- if ($result = $conn->query($query)) {
+ if ($result = query($query)) {
while ($row = $result->fetch_row()) {
$user = new User();
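Review bot: `query()` accepts only a finished SQL string, so every caller has to concatenate request data into it, as `get_users()` does with `" WHERE id=".$id` while `ajax/userinfo.php` passes `$_POST['id']` straight in. Consider letting the helper take `?` placeholders plus an array of values and bind them through `$conn->prepare()`, or at minimum cast here with `$query .= " WHERE id=".(int)$id;`. Because the helper opens and closes a connection per call, multi-statement operations such as the `CONF DEAD` pair in `php/request.php` run on separate connections and cannot be wrapped in a transaction. `get_users()` continues past the end of this hunk.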
@@ -42,6 +53,7 @@
$user->quimata = $row[4];
$user->requested = $row[5];
$user->mort = $row[6];
+ $user->md5password = $row[7];
array_push($users, $user);
}
@@ -49,9 +61,6 @@
} else {
die("Wrong query: " . $query);
}
-
- // Close connection
- $conn->close();
if ($id > 0) return $users[0];
else return $users;