From d42a6dd03471e8c6c2bfb9ff01ed6cc21d78c3ae Mon Sep 17 00:00:00 2001
From: Alex Thomassen <alex@thomassen.xyz>
Date: Mon, 18 Nov 2019 11:30:22 +0100
Subject: [PATCH] Fix

---
 includes/common.php | 10 ++++++++++
 includes/config.php |  2 +-
 includes/head.php   |  7 ++++++-
 login.php           | 18 +++++++++++++-----
 logout.php          |  7 +++++++
 user.php            |  2 ++
 6 files changed, 39 insertions(+), 7 deletions(-)
 create mode 100644 logout.php

diff --git a/includes/common.php b/includes/common.php
index 8b18fe3..959db48 100644
--- a/includes/common.php
+++ b/includes/common.php
@@ -1,4 +1,7 @@
 <?php
+    ini_set('display_errors', true);
+    error_reporting(E_ALL);
+
     require 'config.php';
 
     function connect()
@@ -6,4 +9,11 @@
         return mysqli_connect(MYSQL_HOST, MYSQL_USERNAME, MYSQL_PASSWORD, MYSQL_DATABASE);
     }
 
+    function text($text = '')
+    {
+        header('Content-Type: text/plain');
+        echo $text;
+        exit;
+    }
+
     session_start();
\ No newline at end of file
diff --git a/includes/config.php b/includes/config.php
index df53207..2728c51 100644
--- a/includes/config.php
+++ b/includes/config.php
@@ -2,4 +2,4 @@
     define('MYSQL_HOST', 'localhost');
     define('MYSQL_USERNAME', 'secure');
     define('MYSQL_PASSWORD', 'password');
-    define('MYSQL_DATABASE', 'securedb');
\ No newline at end of file
+    define('MYSQL_DATABASE', 'verysecure');
\ No newline at end of file
diff --git a/includes/head.php b/includes/head.php
index b7bc224..742f033 100644
--- a/includes/head.php
+++ b/includes/head.php
@@ -1,3 +1,8 @@
 <meta charset="UTF-8">
 <link href="https://stackpath.bootstrapcdn.com/bootswatch/4.3.1/lux/bootstrap.min.css" rel="stylesheet" integrity="sha384-hVpXlpdRmJ+uXGwD5W6HZMnR9ENcKVRn855pPbuI/mwPIEKAuKgTKgGksVGmlAvt" crossorigin="anonymous">
-<title>Insecure PHP Application for SQL Injection Testing</title>
\ No newline at end of file
+<title>Insecure PHP Application for SQL Injection Testing</title>
+<style type="text/css">
+    body {
+        margin-top: 70px;
+    }
+</style>
\ No newline at end of file
diff --git a/login.php b/login.php
index d04f1fc..45cbf78 100644
--- a/login.php
+++ b/login.php
@@ -6,19 +6,27 @@
         exit;
     }
 
-    if (!isset($_POST['username'], $_POST['password'])) {
+    if (!isset($_REQUEST['username'], $_REQUEST['password'])) {
         header('Location: ./');
         exit;
     }
     
-    $username = $_POST['username'];
-    $password = $_POST['password'];
+    $username = $_REQUEST['username'];
+    $password = $_REQUEST['password'];
 
     $con = connect();
-    $getUser = mysqli_query($con, "SELECT * FROM users WHERE username='$username' AND password='$password';");
+    $sql = "SELECT * FROM users WHERE username='$username' AND password='$password';";
+
+    $getUser = mysqli_query($con, $sql);
+
+    if (!$getUser) {
+        header('Location: ./');
+        exit;
+    }
+
     $user = mysqli_fetch_assoc($getUser);
 
     $_SESSION['id'] = $user['id'];
-    header('Location: ./user.php');
+    header('Location: ./');
     exit;
 ?>
\ No newline at end of file
diff --git a/logout.php b/logout.php
new file mode 100644
index 0000000..535e6dd
--- /dev/null
+++ b/logout.php
@@ -0,0 +1,7 @@
+<?php
+    require 'includes/common.php';
+
+    session_destroy();
+
+    header('Location: ./');
+    exit;
diff --git a/user.php b/user.php
index 6d2dede..4c0de69 100644
--- a/user.php
+++ b/user.php
@@ -42,6 +42,8 @@
                 <?php
             }
         ?>
+
+        <a href="./logout.php" class="btn btn-danger">Logout</a>
     </div>
 </body>
 </html>
\ No newline at end of file