test

blokus.php

@@ -47,6 +47,8 @@
 $router->add('POST', 'users/logout', 'logoutUser');  // POST /users/logout -> logoutUser function
 $router->add('GET', 'users/session', 'checkSession');  // GET /users/session -> checkSession function
 
+
+
 //lobby functions
 $router->add('GET', 'lobbys', 'getLobbies');
 

lib/users.php

@@ -9,13 +9,16 @@
 function registerUser($username, $password) {
     try {
         $pdo = getDatabaseConnection();
+
+        // Hash the password securely using PHP's password_hash
         $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
 
-        $sql = "INSERT INTO users (username, password_hash) VALUES (:username, :password)";
+        // Call the stored procedure to create the user with the securely hashed password
+        $sql = "CALL CreateUser(:username, :password)";
         $stmt = $pdo->prepare($sql);
         $stmt->execute([
             ':username' => $username,
-            ':password' => $hashedPassword,
+            ':password' => $hashedPassword, // Use the hashed password here
         ]);
 
         echo json_encode(['success' => true, 'message' => 'User registered successfully']);
@@ -25,6 +28,7 @@ function registerUser($username, $password) {
 }
 
 
+
 // **Login Function (Authenticate User)**
 function loginUser($username, $password) {
     session_start();
@@ -40,7 +44,7 @@ function loginUser($username, $password) {
 
         if ($user) {
             // Verify the entered password with the stored hashed password
-            if (password_verify($password, $user['password'])) {
+            if (password_verify($password, $user['password_hash'])) {
                 // If login is successful, store the user details in session
                 $_SESSION['user_id'] = $user['user_id'];
                 $_SESSION['username'] = $user['username'];
@@ -57,7 +61,6 @@ function loginUser($username, $password) {
 }
 
 
-
 // **Logout Function (Destroy User Session)**
 function logoutUser() {
     session_start();