fix : login bug
This commit is contained in:
+17
-4
@@ -4,15 +4,28 @@ include 'koneksi.php';
|
|||||||
|
|
||||||
$error = '';
|
$error = '';
|
||||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||||
$username = trim($_POST['username'] ?? '');
|
// Gunakan mysqli_real_escape_string untuk mengamankan input dari SQL Injection
|
||||||
$password = md5(trim($_POST['password'] ?? ''));
|
$username = mysqli_real_escape_string($conn, trim($_POST['username'] ?? ''));
|
||||||
|
|
||||||
|
// PERBAIKAN: Menghapus md5() agar cocok dengan database teks polos kamu saat ini
|
||||||
|
$password = trim($_POST['password'] ?? '');
|
||||||
|
|
||||||
$q = mysqli_query($conn, "SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1");
|
$q = mysqli_query($conn, "SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1");
|
||||||
|
|
||||||
if ($q && mysqli_num_rows($q) > 0) {
|
if ($q && mysqli_num_rows($q) > 0) {
|
||||||
$user = mysqli_fetch_assoc($q);
|
$user = mysqli_fetch_assoc($q);
|
||||||
$_SESSION['user_id'] = $user['id'];
|
$_SESSION['user_id'] = $user['id'];
|
||||||
$_SESSION['user_nama'] = $user['nama'];
|
|
||||||
|
// Sesuaikan dengan nama kolom di database kamu (nama_lengkap)
|
||||||
|
$_SESSION['user_nama'] = $user['nama_lengkap'];
|
||||||
$_SESSION['user_role'] = $user['role'];
|
$_SESSION['user_role'] = $user['role'];
|
||||||
header('Location: index.php');
|
|
||||||
|
// Alur tambahan khusus folder 02 (UAS): Walikota langsung diarahkan ke dashboard-nya
|
||||||
|
if ($user['role'] === 'walikota' && file_exists('walikota.php')) {
|
||||||
|
header('Location: walikota.php');
|
||||||
|
} else {
|
||||||
|
header('Location: index.php');
|
||||||
|
}
|
||||||
exit;
|
exit;
|
||||||
} else {
|
} else {
|
||||||
$error = 'Username atau password salah!';
|
$error = 'Username atau password salah!';
|
||||||
|
|||||||
+17
-4
@@ -4,15 +4,28 @@ include 'koneksi.php';
|
|||||||
|
|
||||||
$error = '';
|
$error = '';
|
||||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||||
$username = trim($_POST['username'] ?? '');
|
// Gunakan mysqli_real_escape_string untuk mengamankan input dari SQL Injection
|
||||||
$password = md5(trim($_POST['password'] ?? ''));
|
$username = mysqli_real_escape_string($conn, trim($_POST['username'] ?? ''));
|
||||||
|
|
||||||
|
// PERBAIKAN: Menghapus md5() agar cocok dengan database teks polos kamu saat ini
|
||||||
|
$password = trim($_POST['password'] ?? '');
|
||||||
|
|
||||||
$q = mysqli_query($conn, "SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1");
|
$q = mysqli_query($conn, "SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1");
|
||||||
|
|
||||||
if ($q && mysqli_num_rows($q) > 0) {
|
if ($q && mysqli_num_rows($q) > 0) {
|
||||||
$user = mysqli_fetch_assoc($q);
|
$user = mysqli_fetch_assoc($q);
|
||||||
$_SESSION['user_id'] = $user['id'];
|
$_SESSION['user_id'] = $user['id'];
|
||||||
$_SESSION['user_nama'] = $user['nama'];
|
|
||||||
|
// Sesuaikan dengan nama kolom di database kamu (nama_lengkap)
|
||||||
|
$_SESSION['user_nama'] = $user['nama_lengkap'];
|
||||||
$_SESSION['user_role'] = $user['role'];
|
$_SESSION['user_role'] = $user['role'];
|
||||||
header('Location: index.php');
|
|
||||||
|
// Alur tambahan khusus folder 02 (UAS): Walikota langsung diarahkan ke dashboard-nya
|
||||||
|
if ($user['role'] === 'walikota' && file_exists('walikota.php')) {
|
||||||
|
header('Location: walikota.php');
|
||||||
|
} else {
|
||||||
|
header('Location: index.php');
|
||||||
|
}
|
||||||
exit;
|
exit;
|
||||||
} else {
|
} else {
|
||||||
$error = 'Username atau password salah!';
|
$error = 'Username atau password salah!';
|
||||||
|
|||||||
Reference in New Issue
Block a user