Files
UAS_WEBGIS_IhyaUlumuddinHar…/project_final/login.php
T
2026-06-13 11:24:58 +07:00

152 lines
6.3 KiB
PHP

<?php
require_once __DIR__ . '/config/session.php';
require_once __DIR__ . '/config/auth_check.php';
startAppSession();
if (isLoggedIn()) {
header('Location: ' . roleHome(currentRole()));
exit;
}
$error = '';
// KF-01: lockout setelah 5x percobaan gagal (jendela 15 menit)
const MAX_LOGIN_ATTEMPTS = 5;
const LOCKOUT_SECONDS = 900;
$attempts = $_SESSION['login_attempts'] ?? 0;
$lockUntil = $_SESSION['login_lock_until'] ?? 0;
$isLocked = $lockUntil > time();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
require_once __DIR__ . '/config/db.php';
require_once __DIR__ . '/config/activity.php';
if ($isLocked) {
$sisa = (int)ceil(($lockUntil - time()) / 60);
$error = "Terlalu banyak percobaan gagal. Coba lagi dalam {$sisa} menit.";
} else {
$username = trim($_POST['username'] ?? '');
$password = $_POST['password'] ?? '';
if ($username && $password) {
$pdo = Database::getConnection();
$stmt = $pdo->prepare("SELECT * FROM users WHERE username = ? LIMIT 1");
$stmt->execute([$username]);
$user = $stmt->fetch();
if ($user && (int)$user['is_active'] !== 1) {
$error = 'Akun ini dinonaktifkan. Hubungi operator.';
} elseif ($user && password_verify($password, $user['password'])) {
// Sukses — reset counter & buat sesi
unset($_SESSION['login_attempts'], $_SESSION['login_lock_until']);
session_regenerate_id(true);
$_SESSION['user_id'] = $user['id'];
$_SESSION['username'] = $user['username'];
$_SESSION['email'] = $user['email'];
$_SESSION['role'] = $user['role'];
$_SESSION['wilayah_tugas'] = $user['wilayah_tugas'];
$_SESSION['nama_lengkap'] = $user['nama_lengkap'];
$pdo->prepare("UPDATE users SET last_login = NOW() WHERE id = ?")->execute([$user['id']]);
logActivity($pdo, 'login', null, null, 'Login berhasil');
header('Location: ' . roleHome($user['role']));
exit;
} else {
// Gagal — naikkan counter
$attempts++;
$_SESSION['login_attempts'] = $attempts;
if ($attempts >= MAX_LOGIN_ATTEMPTS) {
$_SESSION['login_lock_until'] = time() + LOCKOUT_SECONDS;
$error = 'Terlalu banyak percobaan gagal. Akun dikunci sementara 15 menit.';
} else {
$sisa = MAX_LOGIN_ATTEMPTS - $attempts;
$error = "Username atau password salah. Sisa percobaan: {$sisa}.";
}
}
} else {
$error = 'Username dan password wajib diisi.';
}
}
}
?>
<!DOCTYPE html>
<html lang="id">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Login - WebGIS Pemetaan Kemiskinan</title>
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700;800&display=swap" rel="stylesheet">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/css/all.min.css">
<link rel="stylesheet" href="assets/css/main.css">
<link rel="stylesheet" href="assets/css/auth.css">
</head>
<body class="auth-page">
<div class="auth-center">
<div class="auth-form-wrap">
<h2 class="auth-form-title">Selamat Datang</h2>
<p class="auth-form-subtitle">Masuk ke WebGIS Pemetaan Kemiskinan Terpadu.</p>
<div style="background:#F0F9FF;border:1px solid #BAE6FD;border-radius:10px;padding:10px 12px;margin-bottom:16px;font-size:0.78rem;color:#0369A1;line-height:1.5;">
<i class="fas fa-circle-info"></i> Hak akses mengikuti akun: <strong>Operator</strong>, <strong>Pimpinan</strong>, atau <strong>Enumerator</strong>.
Masyarakat umum dapat <a href="<?= app_url('peta_publik.php') ?>" style="color:#0369A1;font-weight:700;">lihat peta publik</a> tanpa login.
</div>
<?php if ($error): ?>
<div class="auth-error">
<i class="fas fa-exclamation-circle"></i>
<?= htmlspecialchars($error) ?>
</div>
<?php endif; ?>
<form method="POST" class="auth-form">
<div class="form-group">
<label class="form-label">Username</label>
<div class="input-with-icon">
<i class="fas fa-user input-icon"></i>
<input type="text" name="username" class="form-control"
placeholder="Masukkan username"
value="<?= htmlspecialchars($_POST['username'] ?? '') ?>"
required autocomplete="username">
</div>
</div>
<div class="form-group">
<label class="form-label">Password</label>
<div class="input-with-icon">
<i class="fas fa-lock input-icon"></i>
<input type="password" name="password" class="form-control"
placeholder="Masukkan password"
required autocomplete="current-password"
id="passwordInput">
<button type="button" class="input-icon" style="right:12px;left:auto;cursor:pointer;background:none;border:none;color:var(--text-muted);" onclick="togglePass()">
<i class="fas fa-eye" id="eyeIcon"></i>
</button>
</div>
</div>
<button type="submit" class="btn btn-primary btn-login">
<i class="fas fa-sign-in-alt"></i>
Masuk ke Sistem
</button>
</form>
</div>
</div>
<script>
function togglePass() {
const inp = document.getElementById('passwordInput');
const ico = document.getElementById('eyeIcon');
if (inp.type === 'password') {
inp.type = 'text';
ico.className = 'fas fa-eye-slash';
} else {
inp.type = 'password';
ico.className = 'fas fa-eye';
}
}
</script>
</body>
</html>