completed login system

2024-05-07 21:06:37 +02:00 · 2024-05-07 21:06:37 +02:00 · 8f2589c399
commit 8f2589c399
parent 83ff40ca0d
1 changed files with 34 additions and 3 deletions
--- a/index.php
+++ b/index.php
@ -1,3 +1,6 @@
 <?php
 session_start();
 ?>
 <!DOCTYPE html>
 <html lang="cs">
 <head>
@ -43,22 +46,50 @@
 	<div id="login_indicator">Přihlášen jako:</div>
 	<?php
 		//PASSWORD
 		$secret = fopen("./secret", "r");
 		$database = mysqli_connect("109.123.243.163", "fht", fgets($secret), "fht");
 		fclose($secret);
 		//CHECK FOR LOGIN
 		if (isset($_SESSION["username"])) login(null);
 		if (isset($_POST["sub"]))
 		{
 			$safe_uname = mysqli_real_escape_string($database, $_POST["username"]);
 			$hashed_pass = hash("sha256", $_POST["password"]);
 			if (str_starts_with($_POST["sub"], "Registrovat"))
 			{
-				$safe_uname = mysqli_real_escape_string($database, $_POST["username"]);
+				$database -> query("INSERT INTO user (username, password) VALUES (\"" . $safe_uname . "\",\"" . $hashed_pass ."\")");
-				$database -> query("INSERT INTO user (username, password) VALUES (\"" . $safe_uname . "\",\"" . hash("sha256", $_POST["password"]) ."\")");
+				login($safe_uname);
 			} else
 			{
-				echo "log";
+				$res = $database -> query("SELECT username, password FROM user WHERE username=\"" . $safe_uname . "\" AND password = \"" . $hashed_pass . "\"");
 				if ($res -> num_rows == 1)
 				{
 					login($safe_uname);
 				} else
 				{
 					echo "<script>alert(\"Nesprávné uživatelské jméno nebo heslo.\");</script>";
 				}
 			}
 		}
 		function login($uname)
 		{
 			if ($uname != null)
 			{
 				$_SESSION["username"] = $uname;
 			} else
 			{
 				$uname = $_SESSION["username"];
 			}
 			echo "<script>set_login_uname(\"" . $uname . "\")</script>";
 		}
 	?>
 </body>
 </html>