From 03159e12b5f63a0b38f44a7dc41443de1fc836a1 Mon Sep 17 00:00:00 2001 From: Dr3amFury Date: Thu, 17 Jul 2025 20:23:16 +0200 Subject: [PATCH] =?UTF-8?q?skapade=20registrering,=20logga=20in=20och=20lo?= =?UTF-8?q?gga=20ut.=20=C3=A4ndrade=20lite=20i=20auth.php?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- database_schema.sql | 1 + inc/php/auth.php | 18 +++++++++++- inc/php/login.php | 43 ++++++++++++++++++++++++++++ inc/php/register.php | 67 ++++++++++++++++++++++++++++++++++++++++++++ login.php | 29 ------------------- register.php | 36 ------------------------ 6 files changed, 128 insertions(+), 66 deletions(-) create mode 100644 inc/php/login.php create mode 100644 inc/php/register.php delete mode 100644 login.php delete mode 100644 register.php diff --git a/database_schema.sql b/database_schema.sql index ec79798..1f76d2c 100644 --- a/database_schema.sql +++ b/database_schema.sql @@ -4,5 +4,6 @@ CREATE TABLE users ( username VARCHAR(50) NOT NULL UNIQUE, email VARCHAR(100) NOT NULL UNIQUE, password VARCHAR(255) NOT NULL, + uniqueid VARCHAR(255) NOT NULL, created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ); diff --git a/inc/php/auth.php b/inc/php/auth.php index 42aa0f8..e8841cf 100644 --- a/inc/php/auth.php +++ b/inc/php/auth.php @@ -1,7 +1,23 @@ prepare("SELECT id FROM users WHERE id = :id AND uniqueid = :uniqueid"); + $stmt->execute([ + 'id' => $_SESSION['user_id'], + 'uniqueid' => $_SESSION['uniqueid'], + ]); + + return $stmt->fetch() !== false; +} + +if (!isAuthenticated()) { header("Location: /landing.php"); exit(); } diff --git a/inc/php/login.php b/inc/php/login.php new file mode 100644 index 0000000..55b4f10 --- /dev/null +++ b/inc/php/login.php 
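Review bot: The `uniqueid` comparison in `isAuthenticated()` can currently fail only if the user row is deleted or edited by hand, because the value is written once in inc/php/register.php and merely copied into the session by inc/php/login.php. If the intent is to be able to revoke sessions, rotate the column on password change and on a "log out everywhere" action, and say so on the function, e.g. `// uniqueid is a per-account token: changing it in the DB invalidates every existing session`. The lines of the function before `prepare(...)` are not visible in this rendering, so confirm that both `$_SESSION['user_id']` and `$_SESSION['uniqueid']` are checked with `isset()` before the query runs.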
@@ -0,0 +1,43 @@ +prepare("SELECT id, password, uniqueid FROM users WHERE email = :user OR username = :user"); + $stmt->execute(['user' => $user]); + $result = $stmt->fetch(); + + if ($result && password_verify($password, $result['password'])) { + $_SESSION['user_id'] = $result['id']; + $_SESSION['uniqueid'] = $result['uniqueid']; + header("Location: /home.php"); + exit(); + } else { + $errors[] = "Invalid credentials."; + } + } +} +?> + + +

Login

+
+
+
+ +
+ + + + diff --git a/inc/php/register.php b/inc/php/register.php new file mode 100644 index 0000000..521ce61 --- /dev/null +++ b/inc/php/register.php @@ -0,0 +1,67 @@ +prepare("SELECT id FROM users WHERE email = :email OR username = :username"); + $stmt->execute(['email' => $email, 'username' => $username]); + + if ($stmt->fetch()) { + $errors[] = "Email or username already in use."; + } else { + $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]); + $uniqueId = bin2hex(random_bytes(16)); // session ID + + $insert = $conn->prepare("INSERT INTO users (username, email, password, uniqueid) VALUES (:username, :email, :password, :uniqueid)"); + $insert->execute([ + 'username' => $username, + 'email' => $email, + 'password' => $hash, + 'uniqueid' => $uniqueId, + ]); + + $_SESSION['user_id'] = $conn->lastInsertId(); + $_SESSION['uniqueid'] = $uniqueId; + + header("Location: /home.php"); + exit(); + } + } +} +?> + + +
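Review bot: The success branch after `password_verify()` in inc/php/login.php writes `$_SESSION['user_id']` without renewing the session identifier, so an identifier issued before login stays valid afterwards; add `session_regenerate_id(true);` as the first statement of that branch. The same applies to the success path in inc/php/register.php before it sets `$_SESSION['user_id']`. Separately, the query uses the named placeholder `:user` twice, which PDO accepts only with emulated prepares; if the connection sets `PDO::ATTR_EMULATE_PREPARES` to false the statement fails, so use `:email` and `:username` and bind `$user` to both. Nothing visible in the hunk limits repeated failed attempts, though that may be handled elsewhere.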

Register

+
+
+
+
+ +
+ + + + diff --git a/login.php b/login.php deleted file mode 100644 index c4e61ab..0000000 --- a/login.php +++ /dev/null @@ -1,29 +0,0 @@ -prepare("SELECT id, username, password FROM Users WHERE email = ?"); - $stmt->execute([$email]); - $user = $stmt->fetch(); - - if ($user && password_verify($password, $user['password'])) { - $_SESSION['user_id'] = $user['id']; - $_SESSION['username'] = $user['username']; - header('Location: home.php'); - exit; - } else { - echo "Invalid credentials."; - } -} -?> - -
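Review bot: The `SELECT` for an existing email or username followed by the `INSERT` in inc/php/register.php is not atomic, so two concurrent registrations can both pass the check and the second `execute()` then hits the UNIQUE constraints from database_schema.sql. If the connection uses `PDO::ERRMODE_EXCEPTION`, that surfaces as an uncaught exception; wrap the insert in `try { ... } catch (PDOException $e)` and map SQLSTATE 23000 to the existing "Email or username already in use." error. The trailing comment `// session ID` on the `random_bytes(16)` line is misleading, since the value is stored on the user row and outlives any session; `// per-account token checked by isAuthenticated(), not PHP's session id` would be accurate. The input validation that precedes the first `prepare()` is not visible in this rendering.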
- - - -
\ No newline at end of file diff --git a/register.php b/register.php deleted file mode 100644 index 8a2bb2d..0000000 --- a/register.php +++ /dev/null @@ -1,36 +0,0 @@ -prepare("SELECT id FROM Users WHERE email = ?"); - $stmt->execute([$email]); - if ($stmt->fetch()) { - die('Email already registered.'); - } - - $hashed = password_hash($password, PASSWORD_DEFAULT); - $stmt = $conn->prepare("INSERT INTO Users (username, email, password) VALUES (?, ?, ?)"); - $stmt->execute([$username, $email, $hashed]); - - header('Location: login.php'); - exit; -} -?> - -
- - - - -
\ No newline at end of file