First commit / commit pertama
This commit is contained in:
@@ -0,0 +1,151 @@
|
||||
<?php
|
||||
require_once __DIR__ . '/config/session.php';
|
||||
require_once __DIR__ . '/config/auth_check.php';
|
||||
startAppSession();
|
||||
|
||||
if (isLoggedIn()) {
|
||||
header('Location: ' . roleHome(currentRole()));
|
||||
exit;
|
||||
}
|
||||
|
||||
$error = '';
|
||||
|
||||
// KF-01: lockout setelah 5x percobaan gagal (jendela 15 menit)
|
||||
const MAX_LOGIN_ATTEMPTS = 5;
|
||||
const LOCKOUT_SECONDS = 900;
|
||||
|
||||
$attempts = $_SESSION['login_attempts'] ?? 0;
|
||||
$lockUntil = $_SESSION['login_lock_until'] ?? 0;
|
||||
$isLocked = $lockUntil > time();
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
require_once __DIR__ . '/config/db.php';
|
||||
require_once __DIR__ . '/config/activity.php';
|
||||
|
||||
if ($isLocked) {
|
||||
$sisa = (int)ceil(($lockUntil - time()) / 60);
|
||||
$error = "Terlalu banyak percobaan gagal. Coba lagi dalam {$sisa} menit.";
|
||||
} else {
|
||||
$username = trim($_POST['username'] ?? '');
|
||||
$password = $_POST['password'] ?? '';
|
||||
|
||||
if ($username && $password) {
|
||||
$pdo = Database::getConnection();
|
||||
$stmt = $pdo->prepare("SELECT * FROM users WHERE username = ? LIMIT 1");
|
||||
$stmt->execute([$username]);
|
||||
$user = $stmt->fetch();
|
||||
|
||||
if ($user && (int)$user['is_active'] !== 1) {
|
||||
$error = 'Akun ini dinonaktifkan. Hubungi operator.';
|
||||
} elseif ($user && password_verify($password, $user['password'])) {
|
||||
// Sukses — reset counter & buat sesi
|
||||
unset($_SESSION['login_attempts'], $_SESSION['login_lock_until']);
|
||||
session_regenerate_id(true);
|
||||
$_SESSION['user_id'] = $user['id'];
|
||||
$_SESSION['username'] = $user['username'];
|
||||
$_SESSION['email'] = $user['email'];
|
||||
$_SESSION['role'] = $user['role'];
|
||||
$_SESSION['wilayah_tugas'] = $user['wilayah_tugas'];
|
||||
$_SESSION['nama_lengkap'] = $user['nama_lengkap'];
|
||||
|
||||
$pdo->prepare("UPDATE users SET last_login = NOW() WHERE id = ?")->execute([$user['id']]);
|
||||
logActivity($pdo, 'login', null, null, 'Login berhasil');
|
||||
|
||||
header('Location: ' . roleHome($user['role']));
|
||||
exit;
|
||||
} else {
|
||||
// Gagal — naikkan counter
|
||||
$attempts++;
|
||||
$_SESSION['login_attempts'] = $attempts;
|
||||
if ($attempts >= MAX_LOGIN_ATTEMPTS) {
|
||||
$_SESSION['login_lock_until'] = time() + LOCKOUT_SECONDS;
|
||||
$error = 'Terlalu banyak percobaan gagal. Akun dikunci sementara 15 menit.';
|
||||
} else {
|
||||
$sisa = MAX_LOGIN_ATTEMPTS - $attempts;
|
||||
$error = "Username atau password salah. Sisa percobaan: {$sisa}.";
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$error = 'Username dan password wajib diisi.';
|
||||
}
|
||||
}
|
||||
}
|
||||
?>
|
||||
<!DOCTYPE html>
|
||||
<html lang="id">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<title>Login - WebGIS Pemetaan Kemiskinan</title>
|
||||
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700;800&display=swap" rel="stylesheet">
|
||||
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/css/all.min.css">
|
||||
<link rel="stylesheet" href="assets/css/main.css">
|
||||
<link rel="stylesheet" href="assets/css/auth.css">
|
||||
</head>
|
||||
<body class="auth-page">
|
||||
|
||||
<div class="auth-center">
|
||||
<div class="auth-form-wrap">
|
||||
<h2 class="auth-form-title">Selamat Datang</h2>
|
||||
<p class="auth-form-subtitle">Masuk ke WebGIS Pemetaan Kemiskinan Terpadu.</p>
|
||||
|
||||
<div style="background:#F0F9FF;border:1px solid #BAE6FD;border-radius:10px;padding:10px 12px;margin-bottom:16px;font-size:0.78rem;color:#0369A1;line-height:1.5;">
|
||||
<i class="fas fa-circle-info"></i> Hak akses mengikuti akun: <strong>Operator</strong>, <strong>Pimpinan</strong>, atau <strong>Enumerator</strong>.
|
||||
Masyarakat umum dapat <a href="<?= app_url('peta_publik.php') ?>" style="color:#0369A1;font-weight:700;">lihat peta publik</a> tanpa login.
|
||||
</div>
|
||||
|
||||
<?php if ($error): ?>
|
||||
<div class="auth-error">
|
||||
<i class="fas fa-exclamation-circle"></i>
|
||||
<?= htmlspecialchars($error) ?>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
|
||||
|
||||
<form method="POST" class="auth-form">
|
||||
<div class="form-group">
|
||||
<label class="form-label">Username</label>
|
||||
<div class="input-with-icon">
|
||||
<i class="fas fa-user input-icon"></i>
|
||||
<input type="text" name="username" class="form-control"
|
||||
placeholder="Masukkan username"
|
||||
value="<?= htmlspecialchars($_POST['username'] ?? '') ?>"
|
||||
required autocomplete="username">
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="form-label">Password</label>
|
||||
<div class="input-with-icon">
|
||||
<i class="fas fa-lock input-icon"></i>
|
||||
<input type="password" name="password" class="form-control"
|
||||
placeholder="Masukkan password"
|
||||
required autocomplete="current-password"
|
||||
id="passwordInput">
|
||||
<button type="button" class="input-icon" style="right:12px;left:auto;cursor:pointer;background:none;border:none;color:var(--text-muted);" onclick="togglePass()">
|
||||
<i class="fas fa-eye" id="eyeIcon"></i>
|
||||
</button>
|
||||
</div>
|
||||
</div>
|
||||
<button type="submit" class="btn btn-primary btn-login">
|
||||
<i class="fas fa-sign-in-alt"></i>
|
||||
Masuk ke Sistem
|
||||
</button>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<script>
|
||||
function togglePass() {
|
||||
const inp = document.getElementById('passwordInput');
|
||||
const ico = document.getElementById('eyeIcon');
|
||||
if (inp.type === 'password') {
|
||||
inp.type = 'text';
|
||||
ico.className = 'fas fa-eye-slash';
|
||||
} else {
|
||||
inp.type = 'password';
|
||||
ico.className = 'fas fa-eye';
|
||||
}
|
||||
}
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
||||
Reference in New Issue
Block a user