Password working
diff --git a/php/change_password.php b/php/change_password.php
new file mode 100644
index 0000000..ce157f7
--- /dev/null
+++ b/php/change_password.php
@@ -0,0 +1,19 @@
+<?php
+	require 'utils.php';
+
+	// Check if confirmation is the same
+	if ($_POST['password'] != $_POST['confirmation']) {
+		header("Location: ../main.php?wrong_password=1");
+		die();
+	} else {
+		// Execute query to change password
+		$update_password = "UPDATE users SET password=\"".md5($_POST['password'])."\" WHERE id=".$_POST['userid'];
+		if(!$result = query($update_password)) header("Location: ../main.php?errordb=1");
+		
+		// Save 'password' to cookies
+		setcookie('password', md5($_POST['password']), time() + (86400 * 10), "/");
+		
+		// Go back to main page
+		header("Location: ../main.php?successpassword=1");
+	}
+?>
diff --git a/php/login.php b/php/login.php
index 851f412..3ebd0c5 100644
--- a/php/login.php
+++ b/php/login.php
@@ -2,14 +2,34 @@
 	require 'utils.php';
 	
 	// Set the 'user' POST and COOKIE variable
-	if (isset($_POST['user'])) {
-		setcookie('user', $_POST['user'], time() + (86400 * 10), "/");
-	} else if (isset($_COOKIE['user']) && !isset($_POST['user'])) {
-		$_POST['user'] = $_COOKIE['user'];
-	} else if (!isset($_COOKIE['user']) && !isset($_POST['user'])) {
-		header("Location: ./index.php");
+	$user = '';
+	if (isset($_POST['user'])) $user = $_POST['user'];
+	else if (isset($_COOKIE['user'])) $user = $_COOKIE['user'];
+	else {
+		header("Location: ../index.php");
 		die();
 	}
 	
+	// Check if password is correct
+	$query_password = "SELECT password FROM users WHERE id=".$user;
+	$real_password = query($query_password)->fetch_row()[0];
+	
+	// Prioritize input rather than memory
+	$password = '';
+	if (isset($_POST['password'])) $password = $_POST['password'];
+	else if (isset($_COOKIE['password'])) $password = $_COOKIE['password'];
+	
+	// Redirect if wrong
+	if ($real_password != "" && $real_password != md5($password)) {
+		header("Location: ../index.php?wrongpassword=1");
+		die();
+	}
+	
+	// Save variables as cookies
+	setcookie('user', $user, time() + (86400 * 10), "/");
+	if ($real_password != "") setcookie('password', $password, time() + (86400 * 10), "/");
+	else setcookie('password', '', -1, "/");
+	
+	// Success, proceed to main page
 	header("Location: ../main.php");
 ?>
diff --git a/php/request.php b/php/request.php
index f010b36..aca3540 100644
--- a/php/request.php
+++ b/php/request.php
@@ -1,33 +1,20 @@
 <?php
-	// Define MySQL login variables
-	$servername = "localhost"; // "andreuhuguet78654.ipagemysql.com";
-	$username = "root"; // "andreu";
-	$password = ""; // "1234";
-	$dbname = "pastanaga"; // "fme_2019";
+	require 'utils.php';
 
-	// Create connection
-	$conn = new mysqli($servername, $username, $password, $dbname);
-	if ($conn->connect_error) die("Connection failed: " . $conn->connect_error);
-	$conn->set_charset("utf8");
-	
 	// Do the query
 	$queries = [""];
-	
 	$victimid = "ANY (SELECT quimata FROM users WHERE id=".(int)$_POST['user_id'].")";
 	
-	if ($_POST['msg'] == "REQ KILL") $queries = ["UPDATE users SET requested=1 WHERE id=".$victimid]; // request kill
-	if ($_POST['msg'] == "REQ DEAD") $queries = ["UPDATE users SET requested=2 WHERE quimata=".(int)$_POST['user_id']]; // request dead
-	if ($_POST['msg'] == "DENY REQ") $queries = ["UPDATE users SET requested=0 WHERE id=".(int)$_POST['user_id']]; // deny request
+	if ($_POST['msg'] == "REQ KILL") $queries = ["UPDATE users SET requested=1 WHERE id=".$victimid]; 						// request kill
+	if ($_POST['msg'] == "REQ DEAD") $queries = ["UPDATE users SET requested=2 WHERE quimata=".(int)$_POST['user_id']]; 	// request dead
+	if ($_POST['msg'] == "DENY REQ") $queries = ["UPDATE users SET requested=0 WHERE id=".(int)$_POST['user_id']]; 			// deny request
 	if ($_POST['msg'] == "CONF DEAD") {
-		$queries = ["UPDATE users SET requested=0, quimata=".(int)$_POST['user_quimata']." WHERE quimata=".(int)$_POST['user_id'], // assign new victim to killer
-				  "UPDATE users SET quimata=0, mort=1 WHERE id=".(int)$_POST['user_id']]; // confirm victim dead/killed
+		$queries = ["UPDATE users SET requested=0, quimata=".(int)$_POST['user_quimata']." WHERE quimata=".(int)$_POST['user_id'], 	// assign new victim to killer
+				  "UPDATE users SET quimata=0, mort=1 WHERE id=".(int)$_POST['user_id']]; 											// confirm victim dead/killed
 	}
 	// Fetch the information of the user
 	foreach ($queries as $query) {
-		if ($query != "" and $result = $conn->query($query)) echo $query;
+		if ($query != "" and $result = query($query)) echo $query;
 		else die("Wrong query: " . $query);
 	}
-	
-	// Close connection
-	$conn->close();
 ?>
diff --git a/php/utils.php b/php/utils.php
index fd8d731..084c41c 100644
--- a/php/utils.php
+++ b/php/utils.php
@@ -12,9 +12,7 @@
 		}
 	}
 	
-	function get_users($id = 0) {
-		$users = [];
-		
+	function query($query) {
 		// Define MySQL login variables
 		$servername = "localhost"; // "andreuhuguet78654.ipagemysql.com";
 		$username = "root"; // "andreu";
@@ -26,12 +24,25 @@
 		if ($conn->connect_error) die("Connection failed: " . $conn->connect_error);
 		$conn->set_charset("utf8");
 		
-		// Do the query
+		// Execute query and save result
+		$result = $conn->query($query);
+		
+		// Close the connection 
+		$conn->close();
+		
+		// Return result of query
+		return $result;
+	}
+	
+	function get_users($id = 0) {
+		$users = [];
+		
+		// Prepare the query
 		$query = "SELECT * FROM users";
 		if ($id > 0) $query .= " WHERE id=".$id;
 
 		// Fetch the information of the user
-		if ($result = $conn->query($query)) {
+		if ($result = query($query)) {
 			while ($row = $result->fetch_row()) {
 				$user = new User();
 				
@@ -42,6 +53,7 @@
 				$user->quimata = $row[4];
 				$user->requested = $row[5];
 				$user->mort = $row[6];
+				$user->md5password = $row[7];
 				
 				array_push($users, $user);
 			}
@@ -49,9 +61,6 @@
 		} else {
 			die("Wrong query: " . $query);
 		}
-
-		// Close connection
-		$conn->close();
 		
 		if ($id > 0) return $users[0];
 		else return $users;