Password working
diff --git a/php/login.php b/php/login.php
index 851f412..3ebd0c5 100644
--- a/php/login.php
+++ b/php/login.php
@@ -2,14 +2,34 @@
require 'utils.php';
// Set the 'user' POST and COOKIE variable
- if (isset($_POST['user'])) {
- setcookie('user', $_POST['user'], time() + (86400 * 10), "/");
- } else if (isset($_COOKIE['user']) && !isset($_POST['user'])) {
- $_POST['user'] = $_COOKIE['user'];
- } else if (!isset($_COOKIE['user']) && !isset($_POST['user'])) {
- header("Location: ./index.php");
+ $user = '';
+ if (isset($_POST['user'])) $user = $_POST['user'];
+ else if (isset($_COOKIE['user'])) $user = $_COOKIE['user'];
+ else {
+ header("Location: ../index.php");
die();
}
+ // Check if password is correct
+ $query_password = "SELECT password FROM users WHERE id=".$user;
+ $real_password = query($query_password)->fetch_row()[0];
+
+ // Prioritize input rather than memory
+ $password = '';
+ if (isset($_POST['password'])) $password = $_POST['password'];
+ else if (isset($_COOKIE['password'])) $password = $_COOKIE['password'];
+
+ // Redirect if wrong
+ if ($real_password != "" && $real_password != md5($password)) {
+ header("Location: ../index.php?wrongpassword=1");
+ die();
+ }
+
+ // Save variables as cookies
+ setcookie('user', $user, time() + (86400 * 10), "/");
+ if ($real_password != "") setcookie('password', $password, time() + (86400 * 10), "/");
+ else setcookie('password', '', -1, "/");
+
+ // Success, proceed to main page
header("Location: ../main.php");
?>
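Review bot: The added `$query_password` line concatenates `$user`, taken unchanged from `$_POST`/`$_COOKIE`, into the SQL text, so the request controls the query. Bind it instead, e.g. prepare `SELECT password FROM users WHERE id = ?` with `$user` as the parameter; `query()` is defined in utils.php outside this hunk, so it may need a variant that accepts bound values. The check `$real_password != md5($password)` relies on unsalted MD5 and a loose comparison, which can treat two different `0e…` digit strings as equal; storing `password_hash()` output and checking with `password_verify($password, $real_password)` avoids both. The `setcookie('password', $password, …)` line keeps the plaintext password in the browser for ten days without `httponly`/`secure` options, so a server-side session identifier would be the safer thing to persist. If `query()` returns a mysqli result, `fetch_row()[0]` is null for an unknown id, which makes `$real_password != ""` false and skips the password check, so a missing row should redirect explicitly.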