diff --git a/includes/common.php b/includes/common.php
index 8b18fe3..959db48 100644
--- a/includes/common.php
+++ b/includes/common.php
@@ -1,4 +1,7 @@
-
Insecure PHP Application for SQL Injection Testing
\ No newline at end of file
+Insecure PHP Application for SQL Injection Testing
+
\ No newline at end of file
diff --git a/login.php b/login.php
index d04f1fc..45cbf78 100644
--- a/login.php
+++ b/login.php
@@ -6,19 +6,27 @@
exit;
}
- if (!isset($_POST['username'], $_POST['password'])) {
+ if (!isset($_REQUEST['username'], $_REQUEST['password'])) {
header('Location: ./');
exit;
}
- $username = $_POST['username'];
- $password = $_POST['password'];
+ $username = $_REQUEST['username'];
+ $password = $_REQUEST['password'];
$con = connect();
- $getUser = mysqli_query($con, "SELECT * FROM users WHERE username='$username' AND password='$password';");
+ $sql = "SELECT * FROM users WHERE username='$username' AND password='$password';";
+
+ $getUser = mysqli_query($con, $sql);
+
+ if (!$getUser) {
+ header('Location: ./');
+ exit;
+ }
+
$user = mysqli_fetch_assoc($getUser);
$_SESSION['id'] = $user['id'];
- header('Location: ./user.php');
+ header('Location: ./');
exit;
?>
\ No newline at end of file
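Review bot: The added `if (!$getUser)` guard only catches a failed query; when the query succeeds but matches no row, `mysqli_fetch_assoc()` returns null and `$_SESSION['id'] = $user['id'];` still runs, so a wrong login falls through the same path as a good one. Add a check after the fetch, e.g. `if (!$user) { header('Location: ./'); exit; }`, and call `session_regenerate_id(true);` before setting `$_SESSION['id']`. Switching from `$_POST` to `$_REQUEST` also lets the username and password arrive in the query string, where they end up in access logs, browser history and Referer headers; if the lab does not need GET logins, keep `$_POST`. The interpolated `$sql` string is presumably the deliberate flaw this test application exists to demonstrate, so a short comment above it saying so (and that real code would use a prepared statement with bound parameters) would stop it being copied as a pattern. The script starts above this hunk, so the session setup and the first redirect are not visible here.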
diff --git a/logout.php b/logout.php
new file mode 100644
index 0000000..535e6dd
--- /dev/null
+++ b/logout.php
@@ -0,0 +1,7 @@
+
+
+ Logout