From f4d5d71da4f94bf9bc87505e745eed913c9858b9 Mon Sep 17 00:00:00 2001
From: Alex Vitkov <alexvitkov98@gmail.com>
Date: Fri, 29 Jan 2021 14:01:41 +0200
Subject: Login is now remembered in $_SESSION['username']

If it is set, user is logged in, if it is unset
user is not logged in
---
 php/login.php    |  7 ++++---
 php/logout.php   | 10 ++++++++++
 php/register.php |  4 ++++
 3 files changed, 18 insertions(+), 3 deletions(-)
 create mode 100644 php/logout.php

(limited to 'php')

diff --git a/php/login.php b/php/login.php
index e6d44dc..536a5bf 100644
--- a/php/login.php
+++ b/php/login.php
@@ -3,6 +3,8 @@ require_once "user.php";
 require_once "database.php";
 require_once "misc.php";
 
+session_start();
+
 $username=$_POST["username"];
 $password=$_POST["password"];
 /*server side verification*/
@@ -18,8 +20,7 @@ if(!$user)
 	die("Password or username is incorrect");
 }
 
-echo "Username: {$user->username}\n";
-echo "Email: {$user->email_address}";
-
+$_SESSION['username'] = $user->username;
+header('Location: /');
 
 ?>
diff --git a/php/logout.php b/php/logout.php
new file mode 100644
index 0000000..9a4cdd7
--- /dev/null
+++ b/php/logout.php
@@ -0,0 +1,10 @@
+<?php
+// TODO
+// This is dangerous and stupid
+// Right now every webpage can redirect any of its users to http://shady.upload/logout
+// which will log the user out of our webpage
+
+session_start();
+unset($_SESSION['username']);
+header('Location: /');
+?>
diff --git a/php/register.php b/php/register.php
index ef1f238..1d31a91 100644
--- a/php/register.php
+++ b/php/register.php
@@ -31,4 +31,8 @@ if($database->register_user($username,$password,$email))
 	echo "didn't register";
 }
 
+
+$_SESSION['username'] = $username;
+header('Location: /');
+
 ?>
-- 
cgit v1.2.3