From a7c943676f64fe33fd3976fa9eb7fec3a2b6149e Mon Sep 17 00:00:00 2001 From: AkisYTB3 Date: Sat, 20 Jan 2024 16:35:03 +0100 Subject: [PATCH] Changes in html and Login/Register php --- login.php | 21 +++++++++++++-------- pages/index.html | 28 ++++++++++++++++++++++++++++ pages/login.html | 16 ++++++++++++++++ pages/register.html | 16 ++++++++++++++++ register.php | 15 +++++++++++---- 5 files changed, 84 insertions(+), 12 deletions(-) diff --git a/login.php b/login.php index ff94f57..3013ce1 100644 --- a/login.php +++ b/login.php @@ -7,18 +7,23 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") { $username = $_POST['username']; $password = $_POST['password']; - $hashed_password = password_hash($password, PASSWORD_DEFAULT); + // Prepare and execute the SQL query using prepared statements + $query = "SELECT id, username, password, isAdmin FROM users WHERE username = ?"; + $stmt = $mysqli->prepare($query); + $stmt->bind_param("s", $username); + $stmt->execute(); + $stmt->bind_result($user_id, $user_username, $user_password, $user_isAdmin); - $query = "SELECT * FROM users WHERE username = '$username' AND password = '$hashed_password'"; - $result = mysqli_query($mysqli, $query); - - if (mysqli_num_rows($result) == 1) { - $user = mysqli_fetch_assoc($result); - $_SESSION['user_id'] = $user['id']; - header('Location: main.php'); + // Fetch the result + if ($stmt->fetch() && password_verify($password, $user_password)) { + $_SESSION['user_id'] = $user_id; + header('Location: index.php'); exit(); } else { echo "Invalid username or password."; } + + // Close the statement + $stmt->close(); } ?> diff --git a/pages/index.html b/pages/index.html index e69de29..e626d11 100644 --- a/pages/index.html +++ b/pages/index.html @@ -0,0 +1,28 @@ + + + + + + Welcome + + + +
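Review bot: The successful-login branch in login.php stores `$_SESSION['user_id']` without rotating the session id, so a session id planted before authentication remains valid afterwards (session fixation); add `session_regenerate_id(true);` immediately before `$_SESSION['user_id'] = $user_id;`. `$mysqli->prepare($query)` returns false on failure and the next line calls `bind_param` on it unguarded, so a schema mismatch becomes an uncaught fatal error rather than a handled condition; a guard such as `if ($stmt === false) { error_log($mysqli->error); exit('Login unavailable.'); }` keeps that path quiet. The redirect target was changed to `index.php` while this commit adds `pages/index.html`; whether a root `index.php` exists cannot be confirmed from the diff, so the two should be reconciled. The `if ($_SERVER["REQUEST_METHOD"] == "POST")` line appears as hunk-header context, so the enclosing block may start outside the hunk.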

Welcome

+ + + + "; + ?> + + Logout + + diff --git a/pages/login.html b/pages/login.html index e69de29..8fe6d1c 100644 --- a/pages/login.html +++ b/pages/login.html @@ -0,0 +1,16 @@ + + + + + + Login + + + +
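Review bot: The added pages/index.html contains `";` and `?>`, which reads as PHP embedded in a file with an .html extension; unless the web server is configured to pass .html through the PHP handler, that code is either served verbatim (disclosing the source) or never executed, and the `Logout` control is shown regardless of login state. The tag content of this hunk is stripped in this view, so the exact markup cannot be checked here; renaming the file to index.php and opening it with `if (empty($_SESSION['user_id'])) { header('Location: login.php'); exit(); }` would address both concerns. login.php in this same commit redirects to `index.php`, not to `pages/index.html`, which supports the rename.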

Login

+
+ + +
+ + diff --git a/pages/register.html b/pages/register.html index e69de29..0c6fb2b 100644 --- a/pages/register.html +++ b/pages/register.html @@ -0,0 +1,16 @@ + + + + + + Register + + + +

Register

+
+ + +
+ + diff --git a/register.php b/register.php index 8d40bb1..3e4ce25 100644 --- a/register.php +++ b/register.php @@ -11,14 +11,21 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") { // Hash the password $hashed_password = password_hash($password, PASSWORD_DEFAULT); - // Insert user into the database - $query = "INSERT INTO users (username, email, password) VALUES ('$username', '$email', '$hashed_password')"; - $result = mysqli_query($mysqli, $query); + // Prepare and execute the SQL query using prepared statements + $query = "INSERT INTO users (username, email, password) VALUES (?, ?, ?)"; + $stmt = $mysqli->prepare($query); + $stmt->bind_param("sss", $username, $email, $hashed_password); + + // Execute the statement + $result = $stmt->execute(); if ($result) { echo "Registration successful. Login here."; } else { - echo "Error: " . mysqli_error($mysqli); + echo "Error: " . $mysqli->error; } + + // Close the statement + $stmt->close(); } ?>
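Review bot: The failure branch in register.php echoes `$mysqli->error` straight to the browser, which exposes table and column names and, on a duplicate username or email, confirms that the account already exists; log it server-side and show a generic message instead, `error_log('register: ' . $mysqli->error); echo "Registration failed.";`. `$mysqli->prepare($query)` is likewise used without checking for false, so a failed prepare turns into a fatal error on the following `bind_param` call. The hunk begins after `$username`, `$email` and `$password` are read, so whether they are validated (non-empty, `filter_var($email, FILTER_VALIDATE_EMAIL)`, a minimum password length) cannot be seen here; if they are not, that check belongs before `password_hash`. The enclosing `if ($_SERVER["REQUEST_METHOD"] == "POST")` block starts outside the hunk.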