PAL.C.T MINI SHELL
<?php
include "../config/koneksi.php";
function anti_injection($data){
$filter = mysql_real_escape_string(stripslashes(strip_tags(htmlspecialchars($data,ENT_QUOTES))));
return $filter;
}
$username = anti_injection($_POST['username']);
$pass = anti_injection(md5($_POST['password']));
// pastikan username dan password adalah berupa huruf atau angka.
if ($username == "" OR $pass == ""){
header('location:index.php?msg=1');
}
else{
$login=mysql_query("SELECT * FROM users WHERE username='$username' AND password='$pass' AND blokir='N'");
$ketemu=mysql_num_rows($login);
$r=mysql_fetch_array($login);
// Apabila username dan password ditemukan
if ($ketemu > 0){
session_start();
include "timeout.php";
$_SESSION['KCFINDER']=array();
$_SESSION['KCFINDER']['disabled'] = false;
$_SESSION['KCFINDER']['uploadURL'] = "../tinymcpuk/gambar";
$_SESSION['KCFINDER']['uploadDir'] = "../tinymcpuk/gambar";
$_SESSION[namauser] = $r[username];
$_SESSION[namalengkap] = $r[nama_lengkap];
$_SESSION[passuser] = $r[password];
$_SESSION[leveluser] = $r[level];
if($username == "admin_gs")
{
$_SESSION[gs] = 0;
}
elseif($username == "gs_medan")
{
$_SESSION[gs] = 1;
}
elseif($username == "gs_palembang")
{
$_SESSION[gs] = 2;
}
elseif($username == "gs_jakarta")
{
$_SESSION[gs] = 3;
}
// session timeout
$_SESSION[login] = 1;
timer();
$sid_lama = session_id();
session_regenerate_id();
$sid_baru = session_id();
mysql_query("UPDATE users SET id_session='$sid_baru' WHERE username='$username'");
header('location:media.php?module=home');
}
else{
header('location:index.php?msg=2');
}
}
?>
y~or�5J�={Ee�u磝Qk���ᯘG{?+]ן?�wM3X�^歌>{7پK>on\jy�R�g/=fOr�oNVv~Y+�NGuÝHWyw[eQʨSb>�>}Gmx[o[<�{Ϯ_qF�vM����IENDB`