37 lines
1.1 KiB
PHP
37 lines
1.1 KiB
PHP
<?php
|
|
// ================================================================
|
|
// Auth Action — Proses Login
|
|
// ================================================================
|
|
require_once __DIR__ . '/../config/config.php';
|
|
require_once __DIR__ . '/../config/database.php';
|
|
require_once __DIR__ . '/../includes/auth.php';
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
|
header('Location: ' . BASE_URL . '/admin/login.php');
|
|
exit;
|
|
}
|
|
|
|
$email = trim($_POST['email'] ?? '');
|
|
$password = $_POST['password'] ?? '';
|
|
|
|
if (empty($email) || empty($password)) {
|
|
header('Location: ' . BASE_URL . '/admin/login.php?error=empty');
|
|
exit;
|
|
}
|
|
|
|
$db = getDB();
|
|
$stmt = $db->prepare("SELECT * FROM users WHERE email = ? LIMIT 1");
|
|
$stmt->execute([$email]);
|
|
$user = $stmt->fetch();
|
|
|
|
if (!$user || !password_verify($password, $user['password'])) {
|
|
// Tambah sedikit delay untuk mencegah brute force
|
|
sleep(1);
|
|
header('Location: ' . BASE_URL . '/admin/login.php?error=invalid&email=' . urlencode($email));
|
|
exit;
|
|
}
|
|
|
|
loginUser($user);
|
|
header('Location: ' . BASE_URL . '/admin/');
|
|
exit;
|