basic db authentication

public/index.php

@@ -127,10 +127,12 @@ $app->map(['GET', 'POST'], '/login', function (Request $request, Response $respo
 
 
         global $db;
-        $sql = "SELECT * FROM users WHERE username = '" . $postdata['username'] . "' AND password = '" . $postdata['password'] . "';";
+        $sql = "SELECT count(*) as count FROM users WHERE username = '" . $postdata['username'] . "' AND password = '" . $postdata['password'] . "';";
         $ret = $db->query($sql);
-        $rows = $ret->fetchArray();
-        if ($postdata['username'] == 'gebruiker' && $postdata['password'] == "abcd") {
+        $rows = $ret->fetchArray(SQLITE3_ASSOC);
+        $rowcount = $rows['count'];
+        if ($rowcount == 1) {
+            //if ($postdata['username'] == 'gebruiker' && $postdata['password'] == "abcd") {
             $_SESSION["username"] = $postdata['username'];
             addNavbar($response);
             $response->getBody()->write('Logged in');