Password working
diff --git a/php/change_password.php b/php/change_password.php
new file mode 100644
index 0000000..ce157f7
--- /dev/null
+++ b/php/change_password.php
@@ -0,0 +1,19 @@
+<?php
+ require 'utils.php';
+
+ // Check if confirmation is the same
+ if ($_POST['password'] != $_POST['confirmation']) {
+ header("Location: ../main.php?wrong_password=1");
+ die();
+ } else {
+ // Execute query to change password
+ $update_password = "UPDATE users SET password=\"".md5($_POST['password'])."\" WHERE id=".$_POST['userid'];
+ if(!$result = query($update_password)) header("Location: ../main.php?errordb=1");
+
+ // Save 'password' to cookies
+ setcookie('password', md5($_POST['password']), time() + (86400 * 10), "/");
+
+ // Go back to main page
+ header("Location: ../main.php?successpassword=1");
+ }
+?>
diff --git a/php/login.php b/php/login.php
index 851f412..3ebd0c5 100644
--- a/php/login.php
+++ b/php/login.php
@@ -2,14 +2,34 @@
require 'utils.php';
// Set the 'user' POST and COOKIE variable
- if (isset($_POST['user'])) {
- setcookie('user', $_POST['user'], time() + (86400 * 10), "/");
- } else if (isset($_COOKIE['user']) && !isset($_POST['user'])) {
- $_POST['user'] = $_COOKIE['user'];
- } else if (!isset($_COOKIE['user']) && !isset($_POST['user'])) {
- header("Location: ./index.php");
+ $user = '';
+ if (isset($_POST['user'])) $user = $_POST['user'];
+ else if (isset($_COOKIE['user'])) $user = $_COOKIE['user'];
+ else {
+ header("Location: ../index.php");
die();
}
+ // Check if password is correct
+ $query_password = "SELECT password FROM users WHERE id=".$user;
+ $real_password = query($query_password)->fetch_row()[0];
+
+ // Prioritize input rather than memory
+ $password = '';
+ if (isset($_POST['password'])) $password = $_POST['password'];
+ else if (isset($_COOKIE['password'])) $password = $_COOKIE['password'];
+
+ // Redirect if wrong
+ if ($real_password != "" && $real_password != md5($password)) {
+ header("Location: ../index.php?wrongpassword=1");
+ die();
+ }
+
+ // Save variables as cookies
+ setcookie('user', $user, time() + (86400 * 10), "/");
+ if ($real_password != "") setcookie('password', $password, time() + (86400 * 10), "/");
+ else setcookie('password', '', -1, "/");
+
+ // Success, proceed to main page
header("Location: ../main.php");
?>
diff --git a/php/request.php b/php/request.php
index f010b36..aca3540 100644
--- a/php/request.php
+++ b/php/request.php
@@ -1,33 +1,20 @@
<?php
- // Define MySQL login variables
- $servername = "localhost"; // "andreuhuguet78654.ipagemysql.com";
- $username = "root"; // "andreu";
- $password = ""; // "1234";
- $dbname = "pastanaga"; // "fme_2019";
+ require 'utils.php';
- // Create connection
- $conn = new mysqli($servername, $username, $password, $dbname);
- if ($conn->connect_error) die("Connection failed: " . $conn->connect_error);
- $conn->set_charset("utf8");
-
// Do the query
$queries = [""];
-
$victimid = "ANY (SELECT quimata FROM users WHERE id=".(int)$_POST['user_id'].")";
- if ($_POST['msg'] == "REQ KILL") $queries = ["UPDATE users SET requested=1 WHERE id=".$victimid]; // request kill
- if ($_POST['msg'] == "REQ DEAD") $queries = ["UPDATE users SET requested=2 WHERE quimata=".(int)$_POST['user_id']]; // request dead
- if ($_POST['msg'] == "DENY REQ") $queries = ["UPDATE users SET requested=0 WHERE id=".(int)$_POST['user_id']]; // deny request
+ if ($_POST['msg'] == "REQ KILL") $queries = ["UPDATE users SET requested=1 WHERE id=".$victimid]; // request kill
+ if ($_POST['msg'] == "REQ DEAD") $queries = ["UPDATE users SET requested=2 WHERE quimata=".(int)$_POST['user_id']]; // request dead
+ if ($_POST['msg'] == "DENY REQ") $queries = ["UPDATE users SET requested=0 WHERE id=".(int)$_POST['user_id']]; // deny request
if ($_POST['msg'] == "CONF DEAD") {
- $queries = ["UPDATE users SET requested=0, quimata=".(int)$_POST['user_quimata']." WHERE quimata=".(int)$_POST['user_id'], // assign new victim to killer
- "UPDATE users SET quimata=0, mort=1 WHERE id=".(int)$_POST['user_id']]; // confirm victim dead/killed
+ $queries = ["UPDATE users SET requested=0, quimata=".(int)$_POST['user_quimata']." WHERE quimata=".(int)$_POST['user_id'], // assign new victim to killer
+ "UPDATE users SET quimata=0, mort=1 WHERE id=".(int)$_POST['user_id']]; // confirm victim dead/killed
}
// Fetch the information of the user
foreach ($queries as $query) {
- if ($query != "" and $result = $conn->query($query)) echo $query;
+ if ($query != "" and $result = query($query)) echo $query;
else die("Wrong query: " . $query);
}
-
- // Close connection
- $conn->close();
?>
diff --git a/php/utils.php b/php/utils.php
index fd8d731..084c41c 100644
--- a/php/utils.php
+++ b/php/utils.php
@@ -12,9 +12,7 @@
}
}
- function get_users($id = 0) {
- $users = [];
-
+ function query($query) {
// Define MySQL login variables
$servername = "localhost"; // "andreuhuguet78654.ipagemysql.com";
$username = "root"; // "andreu";
@@ -26,12 +24,25 @@
if ($conn->connect_error) die("Connection failed: " . $conn->connect_error);
$conn->set_charset("utf8");
- // Do the query
+ // Execute query and save result
+ $result = $conn->query($query);
+
+ // Close the connection
+ $conn->close();
+
+ // Return result of query
+ return $result;
+ }
+
+ function get_users($id = 0) {
+ $users = [];
+
+ // Prepare the query
$query = "SELECT * FROM users";
if ($id > 0) $query .= " WHERE id=".$id;
// Fetch the information of the user
- if ($result = $conn->query($query)) {
+ if ($result = query($query)) {
while ($row = $result->fetch_row()) {
$user = new User();
@@ -42,6 +53,7 @@
$user->quimata = $row[4];
$user->requested = $row[5];
$user->mort = $row[6];
+ $user->md5password = $row[7];
array_push($users, $user);
}
@@ -49,9 +61,6 @@
} else {
die("Wrong query: " . $query);
}
-
- // Close connection
- $conn->close();
if ($id > 0) return $users[0];
else return $users;