<?php
error_reporting(0);
include "konfig/koneksi.php";
function anti_injection($data){
$filter = mysql_real_escape_string(stripslashes(strip_tags(htmlspecialchars($data,ENT_QUOTES))));
return $filter;
}
$username = anti_injection($_POST['username']);
$pass = anti_injection(md5($_POST['password']));
// pastikan username dan password adalah berupa huruf atau angka.
if (!ctype_alnum($username) OR !ctype_alnum($pass)){
?>
<script type="text/javascript">alert("Nama pengguna dan kata sandi tidak boleh kosong");history.go(-1);</script>
<?php
}else{
$login=mysql_query("SELECT * FROM users WHERE username='$username' AND password='$pass'");
$ketemu=mysql_num_rows($login);
$r=mysql_fetch_array($login);
// Apabila username dan password ditemukan
if ($ketemu > 0){
session_start();
include "timeout.php";
$_SESSION['namauser'] = $r['username'];
$_SESSION['passuser'] = $r['password'];
$_SESSION['nama_lengkap'] = $r['nama_lengkap'];
// session timeout
$_SESSION['login'] = 1;
timer();
$sid_lama = session_id();
session_regenerate_id();
$sid_baru = session_id();
mysql_query("UPDATE users SET id_session='$sid_baru' WHERE username='$username'");
header('location:home');
}else{
//echo"$username dan $pass";
?>
<script type="text/javascript">alert("Pastikan nama pengguna dan kata sandi benar");history.go(-1);</script>
<?php
}
}
?>
