|
|
@@ -161,14 +161,10 @@ $app->map(['GET', 'POST'], '/login', function (Request $request, Response $respo |
|
|
|
addFooter($response); |
|
|
|
} else { |
|
|
|
$postdata = $request->getParsedBody(); |
|
|
|
|
|
|
|
|
|
|
|
global $db; |
|
|
|
$sql = "SELECT COUNT(*) as count FROM users WHERE username = '" . $postdata['username'] . "' AND password = '" . $postdata['password'] . "'"; |
|
|
|
// herweken, beveiligen tegen injection |
|
|
|
$ret = $db->query($sql); |
|
|
|
$rows = $ret->fetchArray(SQLITE3_ASSOC); |
|
|
|
$rowcount = $rows['count']; |
|
|
|
if ($rowcount == 1) { |
|
|
|
$logged_in = $db->checkUserPass($postdata['username'], $postdata['password']); |
|
|
|
if ($logged_in) { |
|
|
|
$_SESSION["username"] = $postdata['username']; |
|
|
|
addNavbar($response); |
|
|
|
$response->getBody()->write('Logged in'); |
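Review bot: The successful-login branch at L63 stores the username in the session without rotating the session id, which leaves a session fixation window; add `session_regenerate_id(true);` immediately before `$_SESSION["username"] = $postdata['username'];`. The `+`/`-` markers are lost on this rendered hunk, so I cannot tell whether the string-built query on L31 survives on the new side; if it does, the `COUNT(*)` pre-check is both injectable (username and password interpolated straight into SQL, as the L35 comment itself notes) and redundant next to `$db->checkUserPass(...)` on L55, so it should be dropped entirely or replaced with a prepared statement (`$db->prepare(...)` with `bindValue`). `$postdata['username']` and `$postdata['password']` are read unguarded at L31/L55 and will raise an undefined-index warning on a form without those fields; read them as `$postdata['username'] ?? ''` or reject the request. The route closure starts and ends outside this hunk.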