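connect();

// Login endpoint: checks the posted credentials against the student (tbmhs),
// lecturer (tbdosen) and admin (tbadmin) tables in that order, stores the
// matching identity in the session and answers with a JSON status object.
// $dbh is used below as a PDO handle; it is assumed to be provided by the
// surrounding file -- TODO confirm.

// checkKey() is defined elsewhere; presumably it rejects the request when the
// POST field is missing -- confirm against its definition.
checkKey('POST', 'username');
checkKey('POST', 'password');

$username = trim(strtoupper($_POST['username']));
$passwordRaw = $_POST['password'];

// NOTE(security): the stored credential is an unsalted MD5 digest, which is
// not a password hash. Migrating to password_hash()/password_verify() needs a
// schema and data migration (the queries below match the digest inside the
// WHERE clause), so it is flagged here rather than changed in place.
$password = md5($passwordRaw);

$loginSuccess = false;
$level = null;
$data = [];
$pesanError = 'Username dan password tidak cocok!!!';

// Student flow only: ask the upstream SIAKAD service whether the credentials
// are valid and, if so, sync the local digest so the lookup below succeeds.
if (!isset($_GET['dosen']) && !isset($_GET['admin'])) {
    $url = (string) (getenv('SPOTA_SIAKAD_LOGIN_URL') ?: '');

    // Credentials travel in the POST body, never in the query string, so they
    // stay out of access logs and proxy caches.
    $postData = json_encode([
        'nim' => $username,
        'password' => $passwordRaw,
    ]);

    $context = stream_context_create([
        'http' => [
            'method' => 'POST',
            'ignore_errors' => true,
            'header' => 'Content-Type: application/json',
            'content' => $postData,
        ],
        // Certificate and host-name verification stay ON. This request carries
        // the user's plaintext password and a "200" answer overwrites the
        // locally stored digest, so an unauthenticated peer must never be
        // trusted. If the endpoint uses a private CA, configure 'cafile'
        // instead of disabling verification.
        'ssl' => [
            'verify_peer' => true,
            'verify_peer_name' => true,
        ],
    ]);

    // json_encode() returns false on malformed input (e.g. invalid UTF-8);
    // skip the upstream call in that case instead of posting an empty body.
    if ($url !== '' && $postData !== false) {
        // Warnings are suppressed on purpose: any notice printed here would
        // corrupt the JSON response. A failed request yields false -> ''.
        $response = @file_get_contents($url, false, $context);
        $decoded = json_decode((string) $response, true);

        $responseCode = null;
        if (is_array($decoded) && isset($decoded['CODE']) && is_scalar($decoded['CODE'])) {
            $responseCode = (string) $decoded['CODE'];
        }

        if ($responseCode === '200') {
            $stmt = $dbh->prepare('UPDATE tbmhs SET password = :password WHERE nim = :nim');
            $stmt->bindParam(':nim', $username);
            $stmt->bindParam(':password', $password);
            $stmt->execute();
        }
    }
}

// 1) Student lookup.
$stmt = $dbh->prepare('SELECT * FROM tbmhs WHERE nim = :nim AND password = :password');
$stmt->bindParam(':nim', $username);
$stmt->bindParam(':password', $password);
$stmt->execute();
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
    $loginSuccess = true;
    $level = 'mahasiswa';
    $foto = $row['foto'];
    $data = [
        'id' => $row['idmhs'],
        'nim' => $row['nim'],
        'nama' => $row['nmLengkap'],
        'email' => $row['email'],
        'foto' => $foto,
        'urlFoto' => "//spota.untan.ac.id/img/$foto",
    ];
}

// ?dosen forces the lecturer lookup: discard any student match.
if (isset($_GET['dosen'])) {
    $loginSuccess = false;
    $data = [];
}

// 2) Lecturer lookup. Every account must pass the password check; no
// hard-coded test identities belong on this path.
if (!$loginSuccess) {
    $stmt = $dbh->prepare('SELECT * FROM tbdosen WHERE nip = :nip AND password = :password');
    $stmt->bindParam(':nip', $username);
    $stmt->bindParam(':password', $password);
    $stmt->execute();
    while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
        $loginSuccess = true;
        $level = 'dosen';
        $foto = $row['foto'];
        $data = [
            'id' => $row['iddosen'],
            'nip' => $row['nip'],
            'nama' => $row['nmLengkap'],
            'email' => $row['email'],
            'hp' => $row['nohp'],
            'foto' => $foto,
            // 'kajur' is true when the row's jenis column is 'K'.
            'kajur' => $row['jenis'] === 'K',
            'urlFoto' => "//spota.untan.ac.id/img/$foto",
        ];
    }
}

// ?admin forces the admin lookup: discard any earlier match.
if (isset($_GET['admin'])) {
    $loginSuccess = false;
    $data = [];
}

// 3) Admin lookup.
if (!$loginSuccess) {
    $stmt = $dbh->prepare('SELECT * FROM tbadmin WHERE username = :username AND password = :password');
    $stmt->bindParam(':username', $username);
    $stmt->bindParam(':password', $password);
    $stmt->execute();
    while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
        $loginSuccess = true;
        $level = 'admin';
        $data = [
            'id' => $row['idAdmin'],
            'nip' => $row['nip'],
            'nama' => $row['nmLengkap'],
            'email' => $row['email'],
            'hp' => $row['notelp'],
        ];
    }
}

if ($loginSuccess) {
    // Issue a fresh session id at the privilege change so an id that was known
    // before authentication cannot be reused afterwards (session fixation).
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    // Drop whatever the previous identity left behind before storing the new one.
    $_SESSION = [];

    if ($level === 'mahasiswa') {
        $_SESSION['login-mhs'] = [
            'id' => $data['id'],
            'nim' => $data['nim'],
            'nama' => $data['nama'],
            'email' => $data['email'],
        ];
    } elseif ($level === 'dosen') {
        $_SESSION['login-dosen'] = [
            'id' => $data['id'],
            'nip' => $data['nip'],
            'nama' => $data['nama'],
            'email' => $data['email'],
            'hp' => $data['hp'],
            'kajur' => $data['kajur'],
        ];
    } elseif ($level === 'admin') {
        $_SESSION['login-admin'] = [
            'id' => $data['id'],
            'nip' => $data['nip'],
            'nama' => $data['nama'],
            'email' => $data['email'],
            'hp' => $data['hp'],
        ];
    }

    echo json_encode(['status' => 1, 'msg' => 'Login sukses!!!', 'data' => $data, 'level' => $level]);
} else {
    // One generic message for every failure, so the response does not reveal
    // which table or which field failed to match.
    echo json_encode(['status' => 0, 'msg' => $pesanError]);
}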