Changes in html and Login/Register php

login.php

@@ -7,18 +7,23 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
     $username = $_POST['username'];
     $password = $_POST['password'];
 
-    $hashed_password = password_hash($password, PASSWORD_DEFAULT);
+    // Prepare and execute the SQL query using prepared statements
+    $query = "SELECT id, username, password, isAdmin FROM users WHERE username = ?";
+    $stmt = $mysqli->prepare($query);
+    $stmt->bind_param("s", $username);
+    $stmt->execute();
+    $stmt->bind_result($user_id, $user_username, $user_password, $user_isAdmin);
 
-    $query = "SELECT * FROM users WHERE username = '$username' AND password = '$hashed_password'";
-    $result = mysqli_query($mysqli, $query);
-
-    if (mysqli_num_rows($result) == 1) {
-        $user = mysqli_fetch_assoc($result);
-        $_SESSION['user_id'] = $user['id'];
-        header('Location: main.php');
+    // Fetch the result
+    if ($stmt->fetch() && password_verify($password, $user_password)) {
+        $_SESSION['user_id'] = $user_id;
+        header('Location: index.php');
         exit();
     } else {
         echo "Invalid username or password.";
     }
+
+    // Close the statement
+    $stmt->close();
 }
 ?>

pages/index.html

@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Welcome</title>
+    <link rel="stylesheet" href="../styles/pages/index.css">
+</head>
+<body>
+    <h2>Welcome</h2>
+    <?php
+    echo "Logged in as " . $user['username'];
+    if ($user['isAdmin'] == 1) {
+        echo " (Admin)";
+    }
+    ?>
+
+    <!-- Display Gravatar image -->
+    <?php
+    $email = $user['email'];
+    $hash = md5(strtolower(trim($email)));
+    $gravatarUrl = "https://www.gravatar.com/avatar/$hash?s=100";
+    echo "<img src='$gravatarUrl' alt='Gravatar Profile Picture'>";
+    ?>
+
+    <a href="logout.php">Logout</a>
+</body>
+</html>

pages/login.html

@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Login</title>
+    <link rel="stylesheet" href="../styles/pages/login.css">
+</head>
+<body>
+    <h2>Login</h2>
+    <form action="../login.php" method="post">
+        <!-- Add your login form fields here (e.g., username, password) -->
+        <input type="submit" value="Login">
+    </form>
+</body>
+</html>

pages/register.html

@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Register</title>
+    <link rel="stylesheet" href="../styles/pages/register.css">
+</head>
+<body>
+    <h2>Register</h2>
+    <form action="../register.php" method="post">
+        <!-- Add your registration form fields here (e.g., username, email, password) -->
+        <input type="submit" value="Register">
+    </form>
+</body>
+</html>

register.php

@@ -11,14 +11,21 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
     // Hash the password
     $hashed_password = password_hash($password, PASSWORD_DEFAULT);
 
-    // Insert user into the database
-    $query = "INSERT INTO users (username, email, password) VALUES ('$username', '$email', '$hashed_password')";
-    $result = mysqli_query($mysqli, $query);
+    // Prepare and execute the SQL query using prepared statements
+    $query = "INSERT INTO users (username, email, password) VALUES (?, ?, ?)";
+    $stmt = $mysqli->prepare($query);
+    $stmt->bind_param("sss", $username, $email, $hashed_password);
+
+    // Execute the statement
+    $result = $stmt->execute();
 
     if ($result) {
         echo "Registration successful. <a href='login.html'>Login here</a>.";
     } else {
-        echo "Error: " . mysqli_error($mysqli);
+        echo "Error: " . $mysqli->error;
     }
+
+    // Close the statement
+    $stmt->close();
 }
 ?>