commit 20cbd1d8eede313b25418e2a13e214bc671768ba
author Andreu <andreuhuguet@gmail.com> Sun Sep 22 00:00:57 2019 +0200
committer Andreu <andreuhuguet@gmail.com> Sun Sep 22 00:00:57 2019 +0200
tree 9c19c7875401e61542a93d19ebd419c31573e6c3
parent 09b8b051c863d1aa05983cf6ecfe64d35287cfe8

Password working

ajax/getusers.php

diff --git a/ajax/getusers.php b/ajax/getusers.php
index cb8520d..4973cf7 100644
--- a/ajax/getusers.php
+++ b/ajax/getusers.php
@@ -1,5 +1,11 @@
+<option>Selecciona usuari...</option>
+
 <?php
 	require '../php/utils.php';
+	
 	$users = get_users(0);
-	foreach ($users as $user) echo "<option value='".$user->id."'>".$user->nomcomplet."</option>\n";
+	foreach ($users as $user) {
+		$nopassword = $user->md5password == "" ? "nopassword" : "";
+		echo "<option class='".$nopassword."' value='".$user->id."'>".$user->nomcomplet."</option>\n";
+	}
 ?>

ajax/userinfo.php

diff --git a/ajax/userinfo.php b/ajax/userinfo.php
index 686287d..6a36742 100644
--- a/ajax/userinfo.php
+++ b/ajax/userinfo.php
@@ -2,12 +2,14 @@
 	require '../php/utils.php';
 	$user = get_users($_POST['id']);
 	
+	$text_columns = ["nomcomplet", "md5password"];
+	
 	echo '{ ';
 	$first = true;
 	foreach ($user as $prop => $value) {
 		if (!$first) echo ', ';
 		else $first = false;
-		if ($prop == "nomcomplet") echo '"'.$prop.'": "'.$value.'"';
+		if (in_array($prop, $text_columns)) echo '"'.$prop.'": "'.$value.'"';
 		else echo '"'.$prop.'": '.$value;
 	}
 	echo ' }';

css/basic.css

diff --git a/css/basic.css b/css/basic.css
index 4a80ca8..db745c4 100644
--- a/css/basic.css
+++ b/css/basic.css
@@ -17,4 +17,8 @@
 #inner-container {
 	background-color: rgba(255,255,255, 0.8);
 	padding: 5%;
-}
\ No newline at end of file
+}
+
+.hidden {
+	display: none;
+}

index.php

diff --git a/index.php b/index.php
index d5ff246..6c1f7c7 100644
--- a/index.php
+++ b/index.php
@@ -16,6 +16,7 @@
 					<select name="user" id="list">
 					</select>
 					
+					<input disabled required placeholder="Clau d'accés..." id="password" type="password" name="password"/>
 					<input type="submit" value="Entrar" />
 				</form>
 			</div>
@@ -25,6 +26,11 @@
 			$.post("./ajax/getusers.php", function(data, status){
 				$("#list").html(data);
 			});
+			
+			$('select').on('change', function() {
+				let nopassword = $('select option:selected').hasClass('nopassword');
+				$('#password').prop('disabled', nopassword);
+			});
 		</script>
 	</body>
 </html>

js/utils.js

diff --git a/js/utils.js b/js/utils.js
index 4795075..b4795ce 100644
--- a/js/utils.js
+++ b/js/utils.js
@@ -46,6 +46,7 @@
 	$.ajax({
 		url: "./ajax/userinfo.php",
 		data: { id: user.id },
+		dataType: 'text',
 		type: 'POST',
 		success: function(response, status, xhr) {
 			let info = JSON.parse(response);

main.php

diff --git a/main.php b/main.php
index aa6d102..8c15ac3 100644
--- a/main.php
+++ b/main.php
@@ -43,8 +43,18 @@
 		<div id="outter-container">
 			<div id="inner-container">
 				<h2>Hola <name id="user_name"><?=$user->nom()?></name>,</h2>
+						
+				<div class="formulari_contrasenya <?=$user->md5password=="" ? 'show' : 'hidden'?>">
+					<p>Sembla que no tens contrasenya, la gent podrà entrar a la teva compta...</p>
+					<form action="./php/change_password.php" method="POST">
+						<input type="hidden" value="<?=$_COOKIE['user']?>" name="userid">
+						<input type="password" placeholder="Nova contrasenya..." name="password" /><br />
+						<input type="password" placeholder="Repeteix la contrasenya" name="confirmation"/><br />
+						<input type="submit">
+					</form>
+				</div>
+				
 				<h3>La teva víctima és:</h3>
-				<div id="state">0</div>
 				
 				<div class="victima">
 					<img width="300px" src="./imgs/<?=$victim->id?>.png" />

php/change_password.php

diff --git a/php/change_password.php b/php/change_password.php
new file mode 100644
index 0000000..ce157f7
--- /dev/null
+++ b/php/change_password.php
@@ -0,0 +1,19 @@
+<?php
+	require 'utils.php';
+
+	// Check if confirmation is the same
+	if ($_POST['password'] != $_POST['confirmation']) {
+		header("Location: ../main.php?wrong_password=1");
+		die();
+	} else {
+		// Execute query to change password
+		$update_password = "UPDATE users SET password=\"".md5($_POST['password'])."\" WHERE id=".$_POST['userid'];
+		if(!$result = query($update_password)) header("Location: ../main.php?errordb=1");
+		
+		// Save 'password' to cookies
+		setcookie('password', md5($_POST['password']), time() + (86400 * 10), "/");
+		
+		// Go back to main page
+		header("Location: ../main.php?successpassword=1");
+	}
+?>

php/login.php

diff --git a/php/login.php b/php/login.php
index 851f412..3ebd0c5 100644
--- a/php/login.php
+++ b/php/login.php
@@ -2,14 +2,34 @@
 	require 'utils.php';
 	
 	// Set the 'user' POST and COOKIE variable
-	if (isset($_POST['user'])) {
-		setcookie('user', $_POST['user'], time() + (86400 * 10), "/");
-	} else if (isset($_COOKIE['user']) && !isset($_POST['user'])) {
-		$_POST['user'] = $_COOKIE['user'];
-	} else if (!isset($_COOKIE['user']) && !isset($_POST['user'])) {
-		header("Location: ./index.php");
+	$user = '';
+	if (isset($_POST['user'])) $user = $_POST['user'];
+	else if (isset($_COOKIE['user'])) $user = $_COOKIE['user'];
+	else {
+		header("Location: ../index.php");
 		die();
 	}
 	
+	// Check if password is correct
+	$query_password = "SELECT password FROM users WHERE id=".$user;
+	$real_password = query($query_password)->fetch_row()[0];
+	
+	// Prioritize input rather than memory
+	$password = '';
+	if (isset($_POST['password'])) $password = $_POST['password'];
+	else if (isset($_COOKIE['password'])) $password = $_COOKIE['password'];
+	
+	// Redirect if wrong
+	if ($real_password != "" && $real_password != md5($password)) {
+		header("Location: ../index.php?wrongpassword=1");
+		die();
+	}
+	
+	// Save variables as cookies
+	setcookie('user', $user, time() + (86400 * 10), "/");
+	if ($real_password != "") setcookie('password', $password, time() + (86400 * 10), "/");
+	else setcookie('password', '', -1, "/");
+	
+	// Success, proceed to main page
 	header("Location: ../main.php");
 ?>

php/request.php

diff --git a/php/request.php b/php/request.php
index f010b36..aca3540 100644
--- a/php/request.php
+++ b/php/request.php
@@ -1,33 +1,20 @@
 <?php
-	// Define MySQL login variables
-	$servername = "localhost"; // "andreuhuguet78654.ipagemysql.com";
-	$username = "root"; // "andreu";
-	$password = ""; // "1234";
-	$dbname = "pastanaga"; // "fme_2019";
+	require 'utils.php';
 
-	// Create connection
-	$conn = new mysqli($servername, $username, $password, $dbname);
-	if ($conn->connect_error) die("Connection failed: " . $conn->connect_error);
-	$conn->set_charset("utf8");
-	
 	// Do the query
 	$queries = [""];
-	
 	$victimid = "ANY (SELECT quimata FROM users WHERE id=".(int)$_POST['user_id'].")";
 	
-	if ($_POST['msg'] == "REQ KILL") $queries = ["UPDATE users SET requested=1 WHERE id=".$victimid]; // request kill
-	if ($_POST['msg'] == "REQ DEAD") $queries = ["UPDATE users SET requested=2 WHERE quimata=".(int)$_POST['user_id']]; // request dead
-	if ($_POST['msg'] == "DENY REQ") $queries = ["UPDATE users SET requested=0 WHERE id=".(int)$_POST['user_id']]; // deny request
+	if ($_POST['msg'] == "REQ KILL") $queries = ["UPDATE users SET requested=1 WHERE id=".$victimid]; 						// request kill
+	if ($_POST['msg'] == "REQ DEAD") $queries = ["UPDATE users SET requested=2 WHERE quimata=".(int)$_POST['user_id']]; 	// request dead
+	if ($_POST['msg'] == "DENY REQ") $queries = ["UPDATE users SET requested=0 WHERE id=".(int)$_POST['user_id']]; 			// deny request
 	if ($_POST['msg'] == "CONF DEAD") {
-		$queries = ["UPDATE users SET requested=0, quimata=".(int)$_POST['user_quimata']." WHERE quimata=".(int)$_POST['user_id'], // assign new victim to killer
-				  "UPDATE users SET quimata=0, mort=1 WHERE id=".(int)$_POST['user_id']]; // confirm victim dead/killed
+		$queries = ["UPDATE users SET requested=0, quimata=".(int)$_POST['user_quimata']." WHERE quimata=".(int)$_POST['user_id'], 	// assign new victim to killer
+				  "UPDATE users SET quimata=0, mort=1 WHERE id=".(int)$_POST['user_id']]; 											// confirm victim dead/killed
 	}
 	// Fetch the information of the user
 	foreach ($queries as $query) {
-		if ($query != "" and $result = $conn->query($query)) echo $query;
+		if ($query != "" and $result = query($query)) echo $query;
 		else die("Wrong query: " . $query);
 	}
-	
-	// Close connection
-	$conn->close();
 ?>

php/utils.php

diff --git a/php/utils.php b/php/utils.php
index fd8d731..084c41c 100644
--- a/php/utils.php
+++ b/php/utils.php
@@ -12,9 +12,7 @@
 		}
 	}
 	
-	function get_users($id = 0) {
-		$users = [];
-		
+	function query($query) {
 		// Define MySQL login variables
 		$servername = "localhost"; // "andreuhuguet78654.ipagemysql.com";
 		$username = "root"; // "andreu";
@@ -26,12 +24,25 @@
 		if ($conn->connect_error) die("Connection failed: " . $conn->connect_error);
 		$conn->set_charset("utf8");
 		
-		// Do the query
+		// Execute query and save result
+		$result = $conn->query($query);
+		
+		// Close the connection 
+		$conn->close();
+		
+		// Return result of query
+		return $result;
+	}
+	
+	function get_users($id = 0) {
+		$users = [];
+		
+		// Prepare the query
 		$query = "SELECT * FROM users";
 		if ($id > 0) $query .= " WHERE id=".$id;
 
 		// Fetch the information of the user
-		if ($result = $conn->query($query)) {
+		if ($result = query($query)) {
 			while ($row = $result->fetch_row()) {
 				$user = new User();
 				
@@ -42,6 +53,7 @@
 				$user->quimata = $row[4];
 				$user->requested = $row[5];
 				$user->mort = $row[6];
+				$user->md5password = $row[7];
 				
 				array_push($users, $user);
 			}
@@ -49,9 +61,6 @@
 		} else {
 			die("Wrong query: " . $query);
 		}
-
-		// Close connection
-		$conn->close();
 		
 		if ($id > 0) return $users[0];
 		else return $users;