From e3a9def0db411e03350ced83a2e157fd433d7c12 Mon Sep 17 00:00:00 2001
From: CodeServer <CodeServer@jlu42.com>
Date: Fri, 30 Jul 2021 11:44:17 +0100
Subject: [PATCH] blocked shopping.php for non-logged in user

---
 php/login.php         | 3 ++-
 shopping/shopping.php | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/php/login.php b/php/login.php
index ad82d20..c20517d 100644
--- a/php/login.php
+++ b/php/login.php
@@ -25,7 +25,6 @@ $result = query_username($conn, $userName);
 
 if ($result->num_rows > 0) {
     $row = $result->fetch_assoc();
-    $_SESSION['username'] = $userName;
 
     $passWord_hashed = $row["C_Password"];
     $passWord_correct = password_verify($passWord_user, $passWord_hashed);
@@ -45,6 +44,7 @@ if ($result->num_rows > 0) {
          
         //     if($response->success){
         //         echo "Verification success.";
+        //         $_SESSION['username'] = $userName;
         //         header("Location: shopping.php");
         //     } else {
         //         echo "<script> alert('reCAPTHCA verification failed, please try again.');location.href='login.php'; </script>";
@@ -58,6 +58,7 @@ if ($result->num_rows > 0) {
 
         // TODO: delete later
         echo "Verification success.";
+        $_SESSION['username'] = $userName;
         header("Location: ../shopping/shopping.php");
     }
 
diff --git a/shopping/shopping.php b/shopping/shopping.php
index 62666b5..6893018 100644
--- a/shopping/shopping.php
+++ b/shopping/shopping.php
@@ -4,6 +4,10 @@
   require_once '../php/connection.php';
   $conn = connectMysql();
   session_start();
+  if(!isset($_SESSION['username'])) {
+      header('Location: ../index.html');
+      exit();
+  }
   ?>
   <head>
     <!-- Required meta tags -->