|
|
@@ -153,14 +153,9 @@ $app->map(['GET', 'POST'], '/login', function (Request $request, Response $respo |
|
|
|
} else { |
|
|
|
$postdata = $request->getParsedBody(); |
|
|
|
|
|
|
|
|
|
|
|
global $db; |
|
|
|
// OPDRACHT : herwerk deze om te beveiligen tegen SQL Attack |
|
|
|
$sql = "SELECT count(*) as count FROM users WHERE username = '" . $postdata['username'] . "' AND password = '" . $postdata['password'] . "';"; |
|
|
|
$ret = $db->query($sql); |
|
|
|
$rows = $ret->fetchArray(SQLITE3_ASSOC); |
|
|
|
$rowcount = $rows['count']; |
|
|
|
if ($rowcount == 1) { |
|
|
|
$logged_in = $db->checkUserPass($postdata['username'], $postdata['password']); |
|
|
|
if ($logged_in) { |
|
|
|
//if ($postdata['username'] == 'gebruiker' && $postdata['password'] == "abcd") { |
|
|
|
$_SESSION["username"] = $postdata['username']; |
|
|
|
addNavbar($response); |
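Review bot: The new login path at `$logged_in = $db->checkUserPass(...)` / `if ($logged_in) {` stores `$_SESSION["username"] = $postdata['username'];` without first rotating the session id, so a session established before authentication keeps its identifier across the privilege change; add `session_regenerate_id(true);` immediately before the `$_SESSION["username"]` assignment. The same lines index `$postdata['username']` and `$postdata['password']` directly, but `getParsedBody()` may return null or an array missing those keys, so read them once with `$username = $postdata['username'] ?? '';` and `$password = $postdata['password'] ?? '';` and pass those to `checkUserPass()`. With the markers lost it is not certain which of `global $db;` and `if ($rowcount == 1) {` survive on the new side; if `global $db;` was removed the closure has no `$db`, and if the `$rowcount` test was kept its variable is no longer defined, so whichever applies should be confirmed. The commented-out `//if ($postdata['username'] == 'gebruiker' ...` line should be deleted rather than kept as dead code. The route closure begins before this hunk and continues past it.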