completed login system

index.php

@@ -1,3 +1,6 @@
+<?php
+session_start();
+?>
 <!DOCTYPE html>
 <html lang="cs">
 <head>
@@ -43,22 +46,50 @@
 	<div id="login_indicator">Přihlášen jako:</div>
 
 	<?php
+		//PASSWORD
 		$secret = fopen("./secret", "r");
 		$database = mysqli_connect("109.123.243.163", "fht", fgets($secret), "fht");
 		fclose($secret);
 
+		//CHECK FOR LOGIN
+		if (isset($_SESSION["username"])) login(null);
+
 		if (isset($_POST["sub"]))
 		{
+			$safe_uname = mysqli_real_escape_string($database, $_POST["username"]);
+			$hashed_pass = hash("sha256", $_POST["password"]);
+
 			if (str_starts_with($_POST["sub"], "Registrovat"))
 			{
-				$safe_uname = mysqli_real_escape_string($database, $_POST["username"]);
+				$database -> query("INSERT INTO user (username, password) VALUES (\"" . $safe_uname . "\",\"" . $hashed_pass ."\")");
 
-				$database -> query("INSERT INTO user (username, password) VALUES (\"" . $safe_uname . "\",\"" . hash("sha256", $_POST["password"]) ."\")");
+				login($safe_uname);
 			} else
 			{
-				echo "log";
+				$res = $database -> query("SELECT username, password FROM user WHERE username=\"" . $safe_uname . "\" AND password = \"" . $hashed_pass . "\"");
+
+				if ($res -> num_rows == 1)
+				{
+					login($safe_uname);
+				} else
+				{
+					echo "<script>alert(\"Nesprávné uživatelské jméno nebo heslo.\");</script>";
 				}
 			}
+		}
+
+		function login($uname)
+		{
+			if ($uname != null)
+			{
+				$_SESSION["username"] = $uname;
+			} else
+			{
+				$uname = $_SESSION["username"];
+			}
+
+			echo "<script>set_login_uname(\"" . $uname . "\")</script>";
+		}
 	?>
 </body>
 </html>