move login SQL to DB-class

public/index.php

@@ -153,14 +153,9 @@ $app->map(['GET', 'POST'], '/login', function (Request $request, Response $respo
     } else {
         $postdata = $request->getParsedBody();
 
-
         global $db;
-        // OPDRACHT : herwerk deze om te beveiligen tegen SQL Attack
-        $sql = "SELECT count(*) as count FROM users WHERE username = '" . $postdata['username'] . "' AND password = '" . $postdata['password'] . "';";
-        $ret = $db->query($sql);
-        $rows = $ret->fetchArray(SQLITE3_ASSOC);
-        $rowcount = $rows['count'];
-        if ($rowcount == 1) {
+        $logged_in = $db->checkUserPass($postdata['username'], $postdata['password']);
+        if ($logged_in) {
             //if ($postdata['username'] == 'gebruiker' && $postdata['password'] == "abcd") {
             $_SESSION["username"] = $postdata['username'];
             addNavbar($response);

src/DB.php

@@ -10,4 +10,17 @@ class DB extends SQLite3
     {
         $this->open('../private/test.db');
     }
+
+    public function checkUserPass($user, $pass)
+    {
+        $sql = "SELECT count(*) as count FROM users WHERE username = '" . $user . "' AND password = '" . $pass . "';";
+        $ret = $this->query($sql);
+        $rows = $ret->fetchArray(SQLITE3_ASSOC);
+        $rowcount = $rows['count'];
+        if ($rowcount == 1) {
+            return true;
+        } else {
+            return false;
+        }
+    }
 }