website/public/login.php

@@ -21,14 +21,16 @@
 
         }
         else {
-            $uname=$_POST["uname"];
+            $uname=strtolower($_POST["uname"]);
             $psw=$_POST["psw"];
             $hash=hashPassword()["password"];
+            $userid=hashPassword()["userID"];
             
             // If there's an account, go to the profile page
-            if(password_verify($psw, $hash)) {
+            if(password_verify($psw.$uname, $hash)) {
+               $_SESSION["userID"] = $userid;
+               header("location: /profile.php");
 
-               header("location: myhyvesbookplus.nl/profile.php");
             } else {
                $loginErr = "Inloggegevens zijn niet correct";
             }

website/public/register.php

@@ -88,7 +88,7 @@
                 $usernameErr = "Gebruikersnaam moet minstens 6 karakters bevatten";
                 $correct = false;
 
-            } else if (getExistingUser() == 1 ){
+            } else if (getExistingUsername() == 1){
                 $usernameErr = "Gebruikersnaam bestaat al";
                 $correct = false; 
 
@@ -153,7 +153,7 @@
 
         } else {
             registerAccount();
-            // header("location: login.php");
+            header("location: login.php");
 
         }
     }

website/queries/login.php

@@ -3,11 +3,12 @@
 function hashPassword() {
     $stmt = $GLOBALS["db"]->prepare("
     SELECT
-      `password`
+      `password`,
+      `userID`
     FROM
       `user`
     WHERE
-      `username` = :username
+      `username` LIKE :username
     ");
 
     $stmt->bindParam(":username", $_POST["uname"]);

website/queries/register.php

@@ -1,8 +1,13 @@
 <?php
 
-function getExistingUser() {
+function getExistingUsername() {
     $stmt = $GLOBALS["db"]->prepare("
-    SELECT * FROM `user` WHERE `username` = :username
+    SELECT
+      `username`
+    FROM
+      `user`
+    WHERE
+      `username` LIKE :username
     ");
 
     $stmt->bindParam(":username", $_POST["username"]);
@@ -41,7 +46,7 @@ function registerAccount() {
       :email
     )");
 
-    $hash=password_hash($_POST["password"], PASSWORD_DEFAULT);
+    $hash=password_hash($_POST["password"].(strtolower($_POST["username"])), PASSWORD_DEFAULT);
 
     $stmt->bindParam(":fname", $_POST["name"]);
     $stmt->bindParam(":lname", $_POST["surname"]);
@@ -51,7 +56,7 @@ function registerAccount() {
     $stmt->bindParam(":location", $_POST["location"]);
     $stmt->bindParam(":email", $_POST["email"]);
 
-    print("execute".$stmt->execute());
-    print("count".$stmt->rowCount());
+    $stmt->execute();
+    $stmt->rowCount();
 }
 ?>