From 6a5dfec54bcfa8dbf3ea4f8a0b4a51288f37700f Mon Sep 17 00:00:00 2001
From: mr-phlames
Date: Wed, 11 Dec 2019 19:07:21 +0000
Subject: [PATCH] fixed auth bugs

---
 src/core/auth.php | 23 ++++++++++++++++++++---
 src/core/db/mysqli.php | 2 --
 2 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/src/core/auth.php b/src/core/auth.php
index 2b214f9..5bd24e2 100644
--- a/src/core/auth.php
+++ b/src/core/auth.php
@@ -36,10 +36,14 @@ public function basicLogin($username, $password, $password_encode = "md5") {
 "username" => "validusername",
 "password" => "required"
 ]);
+ if (!$this->select("users", "*", "username = ?", [$username])->fetchObj()) {
+ $this->form->errorsArray["username"] = "Username doesn't exist";
+ }
 if (!empty($this->form->errors())) {
 $this->response->respond([
 "errors" => $this->form->errors()
- ]);
+ ]);
+ exit();
 } else {
 if ($password_encode == "md5") {
 $password = md5($password);
@@ -47,6 +51,12 @@ public function basicLogin($username, $password, $password_encode = "md5") {
 $password = \base64_encode($password);
 }
 $user = $this->select("users", "*", "username = ? AND password = ?", [$username, $password])->fetchObj();
+ if (!$user) {
+ $this->response->respond([
+ "errors" => "Password is incorrect"
+ ]);
+ exit();
+ }
 $token = $this->token->generateSimpleToken($user->id, "User secret key");
 $user->token = $token;
 unset($user->password);
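Review bot: The added existence check answers `"Username doesn't exist"` while the new `if (!$user)` branch in the next hunk answers `"Password is incorrect"`, so the two responses together reveal which usernames are registered; a login endpoint should respond identically in both cases. The pre-lookup decides nothing the combined `username = ? AND password = ?` query does not already decide, so I would drop the three added `if (!$this->select(...)->fetchObj())` lines here and give the next hunk's failure a generic message such as `"errors" => ["password" => "Invalid username or password"]`. The new `exit()` after `respond()` (also added in the next hunk and in basicRegister) terminates the process from inside a library method, which makes the class untestable and skips any shutdown work the caller had planned; a `return` after `respond()` gives the same control flow. The `md5`/`base64_encode` password scheme in the context lines predates this commit, but the new lookup compares that value by SQL equality, so moving to `password_hash`/`password_verify` would require fetching by username first and verifying in PHP. basicLogin's body continues outside this hunk.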
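Review bot: The new failure branch sends `"errors" => "Password is incorrect"`, a bare string, whereas the validation path in the previous hunk sends `$this->form->errors()`, a field-keyed array, so a client that reads `errors` as a map gets two different shapes from the same endpoint. Keying it the same way, `"errors" => ["password" => "Invalid username or password"]`, keeps a single response contract and avoids stating which half of the credential pair was wrong. The guard does fix the unprotected `$user->id` access that the old code reached with `false` from `fetchObj()` on a failed lookup. basicLogin continues past the end of this hunk.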
@@ -62,13 +72,20 @@ public function basicRegister($username, $email, $password, $confirm_password, $
 "password" => "required",
 "confirm_password" => "required"
 ]);
+ if ($this->select("users", "*", "username = ?", [$username])->fetchObj()) {
+ $this->form->errorsArray["username"] = "Username already exists";
+ }
+ if ($this->select("users", "*", "email = ?", [$email])->fetchObj()) {
+ $this->form->errorsArray["email"] = "Email is already registered";
+ }
 if ($password != $confirm_password) {
- $this->form->errors["password"] = "Your passwords don't match";
+ $this->form->errorsArray["password"] = "Your passwords don't match";
 }
 if (!empty($this->form->errors())) {
 $this->response->respond([
 "errors" => $this->form->errors()
- ]);
+ ]);
+ exit();
 } else {
 if ($password_encode == "md5") {
 $password = md5($password);
diff --git a/src/core/db/mysqli.php b/src/core/db/mysqli.php
index 0fdd92c..a35a761 100644
--- a/src/core/db/mysqli.php
+++ b/src/core/db/mysqli.php
@@ -41,8 +41,6 @@ public function query(string $sql, array $params = [], string $types = ''): self
 exit();
 }
- if(!is_array($params)) $params = [$params];
- if(!$types) $types = str_repeat('s', count($params)); if(!$params) {
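Review bot: The two new `select` lookups for username and email are check-then-act: nothing stops a concurrent request from registering the same username or email between these checks and the insert that follows later in basicRegister, so uniqueness has to be enforced by UNIQUE indexes on `users.username` and `users.email` with the insert's duplicate-key error reported, leaving these checks to supply only the friendlier message. Both lookups also run even when the validation just above already rejected the field (an empty or malformed email still reaches the database); guarding them with `if (empty($this->form->errors())) {` or checking `errorsArray` per field first avoids the pointless query. The adjacent `$password != $confirm_password` uses loose comparison, under which numeric strings such as `"1e3"` and `"1000"` compare equal; `if ($password !== $confirm_password) {` is the intended check. basicRegister starts before and ends after this hunk.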