Upload files to "old_progress"

2026-03-16 15:09:56 +01:00
commit ec18c5be93
5 changed files with 688 additions and 0 deletions
@@ -0,0 +1,18 @@
 <?php 
 $cas =  time() + 60 * 60 * 24 * 31;
 echo "cas:" . $cas . "<hr>";
 $cas_format = date("Y-m-d H:i:s", $cas);
 echo "cas_format:"  .$cas_format . "<hr>";
 $cas_timestamp = strtotime($cas_format);
 echo "cas timestamp:" . $cas_timestamp . "<hr>";
 echo "timestamp 123: " . date("Y-m-d H:i:s", "123") . "<hr>";
 echo "timestamp 1649194733: " . date("Y-m-d H:i:s", "1649194733") . "<hr>";
 echo "timestamp 9999999999: " . date("Y-m-d H:i:s", "9999999999") . "<hr>";
 echo "timestamp 1234567890: " . date("Y-m-d H:i:s", "1234567890") . "<hr>";
 ?>
@@ -0,0 +1,11 @@
 <?php 
 $heslo = "heslo";
 echo "heslo je: " . $heslo . "<br>";
 $heslohash = password_hash($heslo, PASSWORD_BCRYPT);
 echo "zahashovane heslo je: " . $heslohash . "<br>";
 $jeheslook = password_verify($heslo, $heslohash);
 echo "je heslo ok? " . $jeheslook;
 ?>
@@ -0,0 +1,593 @@
 <?php 
 // TODO  - popisky
 // TODO - pøejmenovat promìnné sql pøíkazù, aby byly pokaždé jiné
 //ZAÈÁTEK SESSION
 session_start();
 //PØIPOJENÍ K DB
 require_once "mysql_config.php";
 /*
 --       ------   ------   ------  --    -- -------- 
 --      --    -- --       --    -- --    --    --    
 --      --    -- --   --- --    -- --    --    --    
 --      --    -- --    -- --    -- --    --    --    
 -------  ------   ------   ------   ------     --                                                       
 */
 if(($_SERVER["REQUEST_METHOD"] == "POST") && (htmlspecialchars(trim($_POST["probiha"])) == "odhlaseni")){
    $_SESSION = array();
    session_destroy();
    if (isset($_COOKIE['user_id'])) {
        unset($_COOKIE['user_id']);
        setcookie('user_id', '', time() - 3600, '/'); // empty value and old timestamp
    }
    if (isset($_COOKIE['selector'])) {
        unset($_COOKIE['selector']);
        setcookie('selector', '', time() - 3600, '/'); // empty value and old timestamp
    }
    if (isset($_COOKIE['token'])) {
        unset($_COOKIE['token']);
        setcookie('token', '', time() - 3600, '/'); // empty value and old timestamp
    }
 }
 /*
 ------  -------  ------  -- ------- -------- ------   -----   ------ ------- 
 --   -- --      --       -- --         --    --   -- --   -- --      --      
 ------  -----   --   --- -- -------    --    ------  ------- --      -----   
 --   -- --      --    -- --      --    --    --   -- --   -- --      --      
 --   -- -------  ------  -- -------    --    --   -- --   --  ------ ------- 
 */
 //PROBÍHÁ REGISTRACE?
 if(($_SERVER["REQUEST_METHOD"] == "POST") && (htmlspecialchars(trim($_POST["probiha"])) == "registrace")){
    echo "<h1>probiha registrace</h1>";
    echo "prave probiha " . htmlspecialchars(trim($_POST["probiha"]));
    //VYMAZÁNÍ PROMÌNNÝCH
    $email = $password = $confirm_password = "";
    $email_err = $password_err = $confirm_password_err = $pozdrav_err = $db_err = "";
    //OVÌØENÍ EMAILU
    if(empty(htmlspecialchars(trim($_POST["reg_email"])))){
        $reg_email_err = "Email je prázdný.";
    } elseif(!filter_var(htmlspecialchars(trim($_POST["reg_email"])), FILTER_VALIDATE_EMAIL)){
        $reg_email_err = "Email je neplatný.";
    } else{
        //JE EMAIL POUŽITÝ V users?
        $sql = "SELECT `user-id` FROM `users` WHERE `email` = ?";
        if($stmt = mysqli_prepare($mysqli, $sql)){
            // Bind variables to the prepared statement as parameters
            mysqli_stmt_bind_param($stmt, "s", $param_email);
            // Set parameters
            $param_email = htmlspecialchars(trim($_POST["reg_email"]));
            // Attempt to execute the prepared statement
            if(mysqli_stmt_execute($stmt)){
                /* store result */
                mysqli_stmt_store_result($stmt);
                if(mysqli_stmt_num_rows($stmt) == 1){
                    $reg_email_err = "Email už je použitý.";
                } else{
                    $reg_email = htmlspecialchars(trim($_POST["reg_email"]));
                }
            } else{
                $reg_db_err = "Chyba ryba. Asi to bude potøeba zkusit ještì jednou.";
            }
            // Close statement
            mysqli_stmt_close($stmt);
        }
    //} else{
        //JE EMAIL POUŽITÝ V users-pending?
        $sql = "SELECT `user-pending-id` FROM `users-pending` WHERE `email` = ?";
        if($stmt = mysqli_prepare($mysqli, $sql)){
            // Bind variables to the prepared statement as parameters
            mysqli_stmt_bind_param($stmt, "s", $param_email);
            // Set parameters
            $param_email = htmlspecialchars(trim($_POST["reg_email"]));
            // Attempt to execute the prepared statement
            if(mysqli_stmt_execute($stmt)){
                /* store result */
                mysqli_stmt_store_result($stmt);
                if(mysqli_stmt_num_rows($stmt) == 1){
                    $reg_email_err = "Email už je použitý.";
                } else{
                    $reg_email = htmlspecialchars(trim($_POST["reg_email"]));
                }
            } else{
                $reg_db_err = "Chyba ryba. Asi to bude potøeba zkusit ještì jednou.";
            }
            // Close statement
            mysqli_stmt_close($stmt);
        }
    }
    // OVÌØENÍ HESLA
    if(empty(htmlspecialchars(trim($_POST["reg_password"])))){
        $reg_password_err = "Heslo je prázdné.";     
    } elseif(strlen(htmlspecialchars(trim($_POST["reg_password"]))) < 6){
        $reg_password_err = "Heslo musí mít alespoò 6 znakù";
    } else{
        $reg_password = htmlspecialchars(trim($_POST["reg_password"]));
    }
    // OVÌØENÍ POTVRZENÍ HESLA
    if(empty(htmlspecialchars(trim($_POST["reg_confirm_password"])))){
        $reg_confirm_password_err = "Heslo musí být potvrzené.";     
    } else{
        $reg_confirm_password = htmlspecialchars(trim($_POST["reg_confirm_password"]));
        if(empty($reg_password_err) && ($reg_password != $reg_confirm_password)){
            $reg_confirm_password_err = "Heslo není správnì potvrzené.";
        }
    }
    // OVÌØENÍ POZDRAVU
    if(empty(htmlspecialchars(trim($_POST["reg_pozdrav"])))){
        $reg_pozdrav_err = "Pozdrav je prázdný";     
    } else{
        $reg_pozdrav = htmlspecialchars(trim($_POST["reg_pozdrav"]));
    }
    // Check input errors before inserting in database
    if(empty($reg_email_err) && empty($reg_password_err) && empty($reg_confirm_password_err) && empty($reg_pozdrav_err) && empty($reg_db_err)){
        // Prepare an insert statement
        $sql = "INSERT INTO `users-pending` (`email`, `heslo`, `pozdrav`) VALUES (?, ?, ?)";
        if($stmt = mysqli_prepare($mysqli, $sql)){
            // Bind variables to the prepared statement as parameters
            mysqli_stmt_bind_param($stmt, "sss", $param_email, $param_heslo, $param_pozdrav);
            // Set parameters
            $param_email = $reg_email;
            $param_heslo = password_hash($reg_password, PASSWORD_BCRYPT); // Creates a password hash
            $param_pozdrav = $reg_pozdrav;
            // Attempt to execute the prepared statement
            if(mysqli_stmt_execute($stmt)){
                // Redirect to login page
                echo "Registrace probìhla úspìšnì.";
                exit;
            } else{
                $reg_db_err = "Chyba ryba. Asi to bude potøeba zkusit ještì jednou.";
            }
            // Close statement
            mysqli_stmt_close($stmt);
        }
    }
    // Close connection
    mysqli_close($mysqli);
 }
 /*
 ------- ---    --- ------- ---    --  -----      --   -- ------- ------- --       -----  
   ---  ----  ---- --      ----   -- --   --     --   -- --      --      --      --   -- 
  ---   -- ---- -- -----   -- --  -- -------     ------- -----   ------- --      ------- 
 ---    --  --  -- --      --  -- -- --   --     --   -- --           -- --      --   -- 
 ------- --      -- ------- --   ---- --   --     --   -- ------- ------- ------- --   -- 
 */
 if(($_SERVER["REQUEST_METHOD"] == "POST") && (htmlspecialchars(trim($_POST["probiha"])) == "zmenahesla")){
    echo "<h1>zmìna hesla</h1>";
    //TODO
 }
 /*
 --       ------   ------  -- ---    -- 
 --      --    -- --       -- ----   -- 
 --      --    -- --   --- -- -- --  -- 
 --      --    -- --    -- -- --  -- -- 
 -------  ------   ------  -- --   ---- 
 */
 //PROBÍHÁ PØIHLAŠOVÁNÍ?
 if(($_SERVER["REQUEST_METHOD"] == "POST") && (htmlspecialchars(trim($_POST["probiha"])) == "prihlasovani")){
    // echo "<h1>probiha prihlasovani</h1>";
    // echo "prave probiha " . htmlspecialchars(trim($_POST["probiha"]));
    $email = $password = "";
    $email_err = $password_err = $login_err = "";
    // KONTROLA EMAILU, JESTLI NENÍ PRÁZDNÝ
    if(empty(htmlspecialchars(trim($_POST["email"])))){
        $email_err = "Email není vyplnìný.";
    } else{
    $email = htmlspecialchars(trim($_POST["email"]));
    }    
    // KONTROLA HESLA, JESTLI NENÍ PRÁZDNÉ
    if(empty(htmlspecialchars(trim($_POST["password"])))){
        $password_err = "Heslo není vyplnìné.";
    } else{
        $password = htmlspecialchars(trim($_POST["password"]));
    }
    // OVÌØENÍ JMÉNA A HESLA
    if(empty($email_err) && empty($password_err)){
        // Prepare a select statement
        $sql = "SELECT `user-id`, `email`, `heslo` FROM `users` WHERE `email` = ?";
        if($stmt = mysqli_prepare($mysqli, $sql)){
            // Bind variables to the prepared statement as parameters
            mysqli_stmt_bind_param($stmt, "s", $param_email);
            // Set parameters
            $param_email = $email;
            // Attempt to execute the prepared statement
            if(mysqli_stmt_execute($stmt)){
                // Store result
                mysqli_stmt_store_result($stmt);
                // Check if username exists, if yes then verify password
                if(mysqli_stmt_num_rows($stmt) == 1){                    
                    // Bind result variables
                    mysqli_stmt_bind_result($stmt, $user_id, $email, $hashed_password);
                    if(mysqli_stmt_fetch($stmt)){
                        if(password_verify($password, $hashed_password)){
                            // Password is correct, so start a new session
 //                            session_start();
                            // Store data in session variables
                            /*
                            $_SESSION["loggedin"] = true;
                            $_SESSION["user_id"] = $user_id;
                            $_SESSION["email"] = $email;    
                            */
                            // PØIHLÁSIT NATRVALO?
                            if(htmlspecialchars(trim($_POST["zapamatovat"])) == true){
                                // echo "<br>zapamatovat<br>";
                                // pøíprava promìnných
                                $cookie_token = bin2hex(random_bytes(32));
                                $cookie_token_hashed = password_hash($cookie_token, PASSWORD_BCRYPT);
                                $cookie_user_id = $user_id;
                                $cookie_expires = time() + 60 * 60 * 24 * 31;
                                    for ($i = 0; $i <= 1000; $i++) {
                                        $temp_selector = substr(bin2hex(random_bytes(12)),0,12);
                                        $sqlfor = "SELECT `token-id` FROM `tokeny` WHERE `selector` = ?";
                                        if($stmtfor = mysqli_prepare($mysqli, $sqlfor)){
                                            // Bind variables to the prepared statement as parameters
                                            mysqli_stmt_bind_param($stmtfor, "s", $param_selector);
                                            // Set parameters
                                            $param_selector = $temp_selector;
                                            // Attempt to execute the prepared statement
                                            if(mysqli_stmt_execute($stmtfor)){
                                                /* store result */
                                                mysqli_stmt_store_result($stmtfor);
                                                if(mysqli_stmt_num_rows($stmtfor) == 1){
                                                } else{
                                                    $cookie_selector = $temp_selector;
                                                    mysqli_stmt_close($stmtfor);
                                                    break;
                                                }
                                            } else{
                                            $login_err = "Chyba ryba. Asi to bude potøeba zkusit ještì jednou.";
                                            break;
                                            }
                                        // Close statement
                                        mysqli_stmt_close($stmt);
                                        }
                                        if($i = 1000){
                                            $login_err = "Chyba ryba. Asi to bude potøeba zkusit ještì jednou.";
                                        }
                                    }
                                // echo "token: " . $cookie_token . "<br>token_hashed: " . $cookie_token_hashed . "<br>user_id: " . $cookie_user_id . "<br>expires: " . $cookie_expires . "<br>slector: " . $cookie_selector . "<hr>";
                                if(empty($login_err)) {
                                    // zapsat cookie (selector, token, user-id)
                                    setcookie("user_id", $cookie_user_id, $cookie_expires, "/");
                                    setcookie("selector", $cookie_selector, $cookie_expires, "/");
                                    setcookie("token", $cookie_token, $cookie_expires, "/");
                                    // zapsat do tabulky tokeny (selector, token_heshed, user-id, expires)
                                    $sql = "INSERT INTO `tokeny` (`user-id`, `selector`, `token`, `expires`) VALUES (?, ?, ?, ?)";
                                    if($stmt = mysqli_prepare($mysqli, $sql)){
                                        // Bind variables to the prepared statement as parameters
                                        mysqli_stmt_bind_param($stmt, "ssss", $param_user_id, $param_selector, $param_token, $param_expires);
                                        // Set parameters
                                        $param_user_id = $cookie_user_id;
                                        $param_selector = $cookie_selector;
                                        $param_token = $cookie_token_hashed;
                                        $param_expires = $cookie_expires; // TODO - upravit, aby obì data byla stejná
                                        // Attempt to execute the prepared statement
                                        if(mysqli_stmt_execute($stmt)){
                                            // Redirect to login page
                                            // exit;
                                        } else{
                                            $db_err = "Chyba ryba. Asi to bude potøeba zkusit ještì jednou.";
                                        }
                                        // Close statement
                                        //mysqli_stmt_close($stmt);
                                    }
                                }
                            }
                            if(empty($login_err)) {
                                $_SESSION["loggedin"] = true;
                                $_SESSION["user_id"] = $user_id;
                                $_SESSION["email"] = $email;
                                echo "pøihlášeno";
                            }    
                            // Redirect user to welcome page
 //                            header("location: welcome.php");
                        } else{
                            // Password is not valid, display a generic error message
                            $login_err = "Email je špatnì, nebo heslo je špatnì.";
                        }
                    }
                } else{
                    // Username doesn't exist, display a generic error message
                    $login_err = "Email je špatnì, nebo heslo je špatnì.";
                }
            } else{
                $db_err = "Chyba ryba. Asi to bude potøeba zkusit ještì jednou.";
            }
            // Close statement
            mysqli_stmt_close($stmt);
        }
    }
    // Close connection
    mysqli_close($mysqli);
 //    exit;
 }
 /*
 -------  ------  ------  ---    --- --    -- --       -----  ------  ------- 
 --      --    -- --   -- ----  ---- --    -- --      --   -- --   -- --      
 -----   --    -- ------  -- ---- -- --    -- --      ------- ------  -----   
 --      --    -- --   -- --  --  -- --    -- --      --   -- --   -- --      
 --       ------  --   -- --      --  ------  ------- --   -- --   -- ------- 
 */
 //JE NÌKDO PØIHLÁŠENÝ?
 /*
 ?1? existuje session
 (všechny session promìnné existují)
 ANO - pokraèovat na ?6? (pøeskoèit 2 až 5)
 NE - kontrola cookies
 */
 $jeprihlaseniok = false;
 $jeprihlaseniok_err = ""; 
 if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true || !isset($_SESSION["user_id"]) || !isset($_SESSION["email"])) {
 //echo "tadyhle1";
 /*
 ?2? existují cookies
 (všechny cookies promìnné existují)
 ANO - pokraèovat na ?3?
 NE - nepøihlášeno
 */
    if(isset($_COOKIE["user_id"]) && isset($_COOKIE["selector"]) && isset($_COOKIE["token"])) {
 /*
 ?3? kontrola cookies - èas
 (všechny cookies jsou platné)
 ANO - pokraèovat na ?4?
 NE - nepøihlášeno
 */
        $sql = "SELECT `user-id`, `token`, `expires` FROM `tokeny` WHERE `selector` = ?";
        if($stmt = mysqli_prepare($mysqli, $sql)){
            // Bind variables to the prepared statement as parameters
            mysqli_stmt_bind_param($stmt, "s", $param_selector);
            // Set parameters
            $param_selector = $_COOKIE["selector"];
            // Attempt to execute the prepared statement
            if(mysqli_stmt_execute($stmt)){
                // Store result
                mysqli_stmt_store_result($stmt);
                // Check if username exists, if yes then verify password
                if(mysqli_stmt_num_rows($stmt) == 1){                    
                    // Bind result variables
                    mysqli_stmt_bind_result($stmt, $token_user_id, $token_token, $token_expires);
                    if(mysqli_stmt_fetch($stmt)){
                        // kontrola èasu (expirace cookie)
                        if($token_expires > time()){
                            // kontrola user (jestli je v tokenu stejný uživatel jako v cookies)
                            if($token_user_id == $_COOKIE["user_id"]) {
                                //kontrola tokenu (jetli je token správný)
                                if(password_verify($_COOKIE["token"], $token_token)){
                                    $jeprihlaseniok = true;
                                    //echo "JOJOJO";
                                    $cas_tedkonc = time();
                                    $cookie_prodlouzeni = $cas_tedkonc + 60 * 60 * 24 * 31;
                                    // - prodloužit èas cookies v cookies
                                    setcookie("user_id", $_COOKIE["user_id"], $cookie_prodlouzeni, "/");
                                    setcookie("selector", $_COOKIE["selector"], $cookie_prodlouzeni, "/");
                                    setcookie("token", $_COOKIE["token"], $cookie_prodlouzeni, "/");                                    
                                    // - prodloužit èas cookies v db tokeny
                                    $sql = "UPDATE `tokeny` SET `expires` = ? WHERE `selector` = ?";
                                    if($stmt = mysqli_prepare($mysqli, $sql)){
                                        // Bind variables to the prepared statement as parameters
                                        mysqli_stmt_bind_param($stmt, "is", $param_expires, $param_selector);
                                        // Set parameters
                                        $param_expires = $cookie_prodlouzeni;
                                        $param_selector = $_COOKIE["selector"];
                                        // Attempt to execute the prepared statement
                                        if(mysqli_stmt_execute($stmt)){
                                        }
                                    }
                                    // - mazání starých tokenù v db
                                    $sql_smazat_stare_tokeny = "DELETE FROM `tokeny` WHERE `expires`<?";
                                    if($stmt_smazat_stare_tokeny = mysqli_prepare($mysqli, $sql_smazat_stare_tokeny)){
                                        mysqli_stmt_bind_param($stmt_smazat_stare_tokeny, "i", $param_sst_expires);
                                        $param_sst_expires = $cas_tedkonc;
                                        if(mysqli_stmt_execute($stmt_smazat_stare_tokeny)){
                                        }
                                    }
                                }
                            }
                        }                
                    }
                }
            }
        }
 /*
 ?4? kontrola cookies - token
 (selectorem vybrat token a zkontrolovat jeho správnost)
 ANO - pokraèovat na ?5?
 NE - nepøihlášeno
 */
 /*
 ?5? zápis session a prodloužení cookies
 (zapsat promìnné session jako pøi loginu)
 (prodloužit èas cookies v cookies i databázi)
 - pokraèovat na ?6?
 ERROR - nepøihlášeno 
 */
    }
 }
 /*
 ?6? kontrola session
 (všechny promìnné sessions existují)
 ANO - pøihlášeno
 NE - nepøihlášeno 
 */
 /*
 nepøihlášeno = formuláøe
 pøihlášeno = hlavní obsah
 */
 if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] == true){
 $jeprihlaseniok = true;
 }
 if(!isset($jeprihlaseniok) || $jeprihlaseniok !== true){
    echo "<h1>formulare</h1>";
 ?>
 <h2>registrace</h2>
 <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
    <input type="hidden" name="probiha" value="registrace">
    <span class="invalid-feedback"><?php echo $reg_db_err; ?></span>
    <div class="form-group">
        <label>email</label>
        <input type="text" name="reg_email" class="form-control <?php echo (!empty($reg_email_err)) ? 'is-invalid' : ''; ?>" value="<?php echo $_POST["reg_email"]; ?>">
        <span class="invalid-feedback"><?php echo $reg_email_err; ?></span>
    </div>    
    <div class="form-group">
        <label>heslo</label>
        <input type="password" name="reg_password" class="form-control <?php echo (!empty($reg_password_err)) ? 'is-invalid' : ''; ?>" value="<?php echo $_POST["reg_password"]; ?>">
        <span class="invalid-feedback"><?php echo $reg_password_err; ?></span>
    </div>
    <div class="form-group">
        <label>potvrzeni hesla</label>
        <input type="password" name="reg_confirm_password" class="form-control <?php echo (!empty($reg_confirm_password_err)) ? 'is-invalid' : ''; ?>" value="<?php echo $_POST["reg_confirm_password"]; ?>">
        <span class="invalid-feedback"><?php echo $reg_confirm_password_err; ?></span>
    </div>
    <div class="form-group">
        <label>pozdrav</label>
        <textarea type="password" name="reg_pozdrav" class="form-control <?php echo (!empty($reg_pozdrav_err)) ? 'is-invalid' : ''; ?>"><?php echo $_POST["reg_pozdrav"]; ?></textarea>
        <span class="invalid-feedback"><?php echo $reg_pozdrav_err; ?></span>
    </div>
    <div class="form-group">
        <input type="submit" class="btn btn-primary" value="Submit">
        <input type="reset" class="btn btn-secondary ml-2" value="Reset">
    </div>
 </form>
 <h2>prihlaseni</h2>
 <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
    <input type="hidden" name="probiha" value="prihlasovani">
    <span class="invalid-feedback"><?php echo $db_err; ?></span>
    <span class="invalid-feedback"><?php echo $login_err; ?></span>
    <div class="form-group">
        <label>email</label>
        <input type="text" name="email" class="form-control <?php echo (!empty($email_err)) ? 'is-invalid' : ''; ?>" value="<?php echo $email; ?>">
        <span class="invalid-feedback"><?php echo $email_err; ?></span>
    </div>    
    <div class="form-group">
        <label>heslo</label>
        <input type="password" name="password" class="form-control <?php echo (!empty($password_err)) ? 'is-invalid' : ''; ?>" value="<?php echo $password; ?>">
        <span class="invalid-feedback"><?php echo $password_err; ?></span>
    </div>
    <div class="form-group">
        <label>zapamatovat?</label>
        <input type="checkbox" name="zapamatovat" class="form-control" value="zapamatovat">
    </div>
    <div class="form-group">
        <input type="submit" class="btn btn-primary" value="Submit">
        <input type="reset" class="btn btn-secondary ml-2" value="Reset">
    </div>
 </form>
 <?php
    exit;
 }
 ?>
 <h1>parada</h1>
 obsah stranky
 <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
    <input type="hidden" name="probiha" value="odhlaseni">
    <input type="submit" class="btn btn-primary" value="odhlásit">
 </form>
@@ -0,0 +1,21 @@
 <?php
    session_start();
    include('mysql_config.php');
 ?>
 <h1>prihlasovaci formular</h1>
 <form method="POST" action="login_process.php">
    <label>email:</label> <input type="text" name="uemail">
    <label>heslo:</label> <input type="password" name="upass"><br><br>
    <input type="checkbox" name="urem"> Remember me <br><br>
    <input type="submit" value="Login" name="login">
 </form>
 <?php
 	if (isset($_SESSION['message'])){
 		echo $_SESSION['message'];
 	}
 	unset($_SESSION['message']);
 ?>
@@ -0,0 +1,45 @@
 <?php
 	if(isset($_POST['login'])){
 		session_start();
 		include('mysql_config.php');
 		$uemail=$_POST['uemail']; //TODO - osetrit
 		$upass=$_POST['upass'];
        $urem=$_POST['urem'];
        echo "<hr><b>POST</b><br>uemail: " . $uemail . "<br>upass: " . $upass . "<br>urem: " . $urem . "<hr>";
 		//$query=mysqli_query($mysqli,"select * from `users` where username='$username' && password='$password'");
        $stmt = mysqli_prepare($mysqli, "SELECT `user-id`, `email`, `heslo` FROM users WHERE email = ?");
        mysqli_stmt_bind_param($stmt, "s", $uemail);
        mysqli_stmt_execute($stmt);
        $row = mysqli_stmt_fetch($stmt);
        mysqli_stmt_bind_result($stmt, $muserid, $memail, $mheslo);
        echo "<hr><b>MYSQL</b><br>muserid: " . $muserid . "<br>memail: " . $memail . "<br>mheslo: " . $mheslo . "<hr>";
 /*
 		if (mysqli_num_rows($query) == 0){
 			$_SESSION['message']="Login Failed. User not Found!";
 			header('location:login.php');
 		}
 		else{
 			$row=mysqli_fetch_array($query);
 			if (isset($_POST['remember'])){
 				//set up cookie
 				setcookie("user", $row['username'], time() + (86400 * 30)); 
 				setcookie("pass", $row['password'], time() + (86400 * 30)); 
 			}
 			$_SESSION['id']=$row['userid'];
 			header('location:success.php');
 		}
        */
 	}
 	else{
 		header('location:login.php');
 		$_SESSION['message']="Please Login!";
 	}
 ?>