move login SQL to DB class

public/index.php

@@ -161,14 +161,10 @@ $app->map(['GET', 'POST'], '/login', function (Request $request, Response $respo
         addFooter($response);
     } else {
         $postdata = $request->getParsedBody();
-
+        
         global $db;
-        $sql = "SELECT COUNT(*) as count FROM users WHERE username = '" . $postdata['username'] . "' AND password = '" . $postdata['password'] . "'"; 
-        // herweken, beveiligen tegen injection
-        $ret = $db->query($sql);
-        $rows = $ret->fetchArray(SQLITE3_ASSOC);
-        $rowcount = $rows['count'];
-        if ($rowcount == 1) {
+        $logged_in = $db->checkUserPass($postdata['username'], $postdata['password']);
+        if ($logged_in) {
             $_SESSION["username"] = $postdata['username'];
             addNavbar($response);
             $response->getBody()->write('Logged in');

src/DB.php

@@ -8,6 +8,18 @@ class DB extends SQLite3 {
 	function __construct() {
 		$this->open('../private/test.db');
 	}
+
+	public function checkUserPass($user, $pass) {
+		$sql = "SELECT COUNT(*) as count FROM users WHERE username = '" . $user . "' AND password = '" . $pass . "'";
+		$ret = $this->query($sql);
+		$rows = $ret->fetchArray(SQLITE3_ASSOC);
+		$rowcount = $rows['count'];
+		if ($rowcount == 1) {
+			return true;
+		} else {
+			return false;
+		}
+	}
 }
 
 ?>