diff --git a/webgisdatakemiskinan/auth_proses.php b/webgisdatakemiskinan/auth_proses.php index 03428e5..eadc8ce 100644 --- a/webgisdatakemiskinan/auth_proses.php +++ b/webgisdatakemiskinan/auth_proses.php @@ -6,26 +6,24 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') { $username = trim($_POST['username'] ?? ''); $password = $_POST['password'] ?? ''; - // Validasi input kosong if (empty($username) || empty($password)) { header("Location: login.php?error=empty"); exit; } - $username_esc = $conn->real_escape_string($username); - $sql = "SELECT * FROM users WHERE username = '$username_esc'"; - $result = $conn->query($sql); - - if ($result->num_rows > 0) { - $user = $result->fetch_assoc(); + $sql = "SELECT * FROM users WHERE username = :username"; + $stmt = $conn->prepare($sql); + $stmt->execute(['username' => $username]); + + $user = $stmt->fetch(PDO::FETCH_ASSOC); + if ($user && is_array($user)) { if (password_verify($password, $user['password'])) { $_SESSION['user_id'] = $user['id']; $_SESSION['username'] = $user['username']; $_SESSION['role'] = $user['role']; $_SESSION['nama_masjid'] = $user['nama_masjid'] ?? ''; - // Arahkan ke dashboard jika admin/walikota, ke peta jika warga if (in_array($user['role'], ['admin', 'walikota'])) { header("Location: dashboard.php"); } else {