php/login.php

<?php
	require '../credentials.php';
	require 'utils.php';
	
	// Set the 'user' POST and COOKIE variable
	$user = '';
	if (isset($_POST['user'])) $user = $_POST['user'];
	else if (isset($_COOKIE['user'])) $user = $_COOKIE['user'];
	else {
		die("<script>window.location.href = '../index.php'</script>");
	}
	
	// Check if password is correct
	$query_password = "SELECT password FROM users WHERE id=".$user;
	$real_password = query($query_password)->fetch_row()[0];
	
	// Prioritize input rather than memory
	$password = '';
	if (isset($_POST['password'])) $password = $_POST['password'];
	else if (isset($_COOKIE['password'])) $password = $_COOKIE['password'];
	
	// Redirect if wrong
	if ($real_password != "" && $real_password != md5($password)) {
		// Forget cookies
		setcookie('user', '', -1, "/");
		setcookie('password', '', -1, "/");
		
		die("<script>window.location.href = '../index.php?wrongpassword=1'</script>");
	}
	
	// Save variables as cookies
	setcookie('user', $user, time() + (86400 * 10), "/");
	if ($real_password != "") setcookie('password', md5($password), time() + (86400 * 10), "/");
	else setcookie('password', '', -1, "/");
	
	// Success, proceed to main page
	die("<script>window.location.href = '../main.php';</script>");
?>