/cek_login.php
Possible License(s): GPL-2.0
- <?php
- include "config/koneksi.php";
/**
 * Runs a request value through the project's input-filter chain and returns
 * the result, ready to be placed inside a quoted SQL string literal.
 *
 * Steps, in the order they are applied:
 *   1. htmlspecialchars(..., ENT_QUOTES) - HTML-encodes &, <, > and both quote characters.
 *   2. strip_tags()                      - removes markup; since < and > were already
 *                                          encoded in step 1 it has little left to strip.
 *   3. stripslashes()                    - removes backslash quoting.
 *   4. mysql_real_escape_string()        - escapes the value for the current MySQL link.
 *
 * NOTE(security): only step 4 is relevant to SQL injection, and it protects a
 * value only when that value is used inside quotes and the connection charset
 * was set with mysql_set_charset(). HTML encoding belongs at output time, not
 * at input time. The ext/mysql functions were removed in PHP 7.0; prepared
 * statements (PDO or mysqli) are the replacement for this whole helper.
 *
 * @param string $data Raw value, typically taken from $_POST.
 * @return string Filtered and SQL-escaped value.
 */
function anti_injection($data){
  $encoded   = htmlspecialchars($data, ENT_QUOTES);
  $untagged  = strip_tags($encoded);
  $unslashed = stripslashes($untagged);

  return mysql_real_escape_string($unslashed);
}
-
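// Login handler: checks the posted credentials against the users table and,
// on success, fills the session, stores the new session id and redirects.
//
// NOTE(security): the queries below are still built by string interpolation
// because the legacy ext/mysql API used by this file has no prepared
// statements. The interpolated values are escaped by anti_injection() and
// additionally restricted to [A-Za-z0-9] by the ctype_alnum() check. Moving
// the connection to PDO or mysqli and using bound parameters is the proper fix.

// Read the form fields defensively: a missing field or an array value
// (e.g. username[]=x) would otherwise raise notices/warnings further down.
$raw_username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$raw_password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

$username = anti_injection($raw_username);

// NOTE(security): unsalted MD5 is not a password hash. password_hash() /
// password_verify() (PHP >= 5.5) should replace it; that needs the stored
// hashes to be migrated, so the comparison format is left unchanged here.
$pass = anti_injection(md5($raw_password));

// Make sure the username and the password hash consist of letters and digits only.
// md5() always yields 32 hex characters, so in practice only $username can fail;
// an empty username also fails, because ctype_alnum('') is false.
if (!ctype_alnum($username) OR !ctype_alnum($pass)){
  echo "<center>Cannot inject again!</center>";
}
else{
  $login = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$pass' AND blokir='N'");

  // mysql_query() returns false on failure; treat that as "no match" instead of
  // passing false to mysql_num_rows()/mysql_fetch_array().
  $ketemu = ($login !== false) ? mysql_num_rows($login) : 0;

  // A matching, non-blocked account was found.
  if ($ketemu > 0){
    $r = mysql_fetch_array($login);

    session_start();

    // Issue a fresh session id at the privilege change and delete the old
    // session (true), so an id that existed before authentication stops being
    // valid (session fixation defence).
    session_regenerate_id(true);

    // Array keys are quoted: bare words are undefined constants, which raise
    // a notice on PHP 5 and a fatal Error on PHP 8.
    $_SESSION['namauser']    = $r['username'];
    $_SESSION['namalengkap'] = $r['nama_lengkap'];
    // NOTE(review): keeping the password hash in the session widens its
    // exposure; it is retained because other pages presumably read 'passuser'
    // - confirm and remove if unused.
    $_SESSION['passuser']    = $r['password'];
    $_SESSION['leveluser']   = $r['level'];
    $_SESSION['seksi']       = $r['seksi'];

    // The session id is server-generated, but escape it anyway so every value
    // interpolated into the statement is treated the same way.
    $sid_baru = mysql_real_escape_string(session_id());

    mysql_query("UPDATE users SET id_session='$sid_baru' WHERE username='$username'");
    header('location:home');
    exit; // stop here so nothing else runs or is sent after the redirect
  }
  else{
    // Same redirect for unknown user, wrong password and blocked account, so
    // the response does not reveal which of them applied.
    header('location:index.php');
    exit;
  }
}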
- ?>