Files

37 lines
1.1 KiB
PHP

<?php
// ================================================================
// Auth Action — Proses Login
// ================================================================
require_once __DIR__ . '/../config/config.php';
require_once __DIR__ . '/../config/database.php';
require_once __DIR__ . '/../includes/auth.php';
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
header('Location: ' . BASE_URL . '/admin/login.php');
exit;
}
$email = trim($_POST['email'] ?? '');
$password = $_POST['password'] ?? '';
if (empty($email) || empty($password)) {
header('Location: ' . BASE_URL . '/admin/login.php?error=empty');
exit;
}
$db = getDB();
$stmt = $db->prepare("SELECT * FROM users WHERE email = ? LIMIT 1");
$stmt->execute([$email]);
$user = $stmt->fetch();
if (!$user || !password_verify($password, $user['password'])) {
// Tambah sedikit delay untuk mencegah brute force
sleep(1);
header('Location: ' . BASE_URL . '/admin/login.php?error=invalid&email=' . urlencode($email));
exit;
}
loginUser($user);
header('Location: ' . BASE_URL . '/admin/');
exit;