From f44ca2bd625bc3fa2b3f99e3c0b1cb492c0380c2 Mon Sep 17 00:00:00 2001
From: wartana
Date: Thu, 22 Jan 2026 08:04:32 +0800
Subject: [PATCH] Fix password hashing in user creation and re-enable captcha

- Hash passwords with MD5 in add_pengguna.php
- Re-enable captcha validation in login.php
- Disable error reporting in production
---
 admin/pengguna/add_pengguna.php | 3 ++-
 login.php | 22 +++++++++++-----------
 2 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/admin/pengguna/add_pengguna.php b/admin/pengguna/add_pengguna.php
index 6292d52..178110c 100644
--- a/admin/pengguna/add_pengguna.php
+++ b/admin/pengguna/add_pengguna.php
@@ -57,10 +57,11 @@
 $level_db = isset($level_map[$_POST['level']]) ? $level_map[$_POST['level']] : $_POST['level'];
 //mulai proses simpan data
+ $password_hash = MD5($_POST['password']);
 $sql_simpan = "INSERT INTO tb_pengguna (nama_pengguna,username,password,level) VALUES (
 '".$_POST['nama_pengguna']."',
 '".$_POST['username']."',
- '".$_POST['password']."',
+ '".$password_hash."',
 '".$level_db."')";
 $query_simpan = mysqli_query($koneksi, $sql_simpan);
 mysqli_close($koneksi);
diff --git a/login.php b/login.php
index 901cb63..214c730 100644
--- a/login.php
+++ b/login.php
@@ -1,6 +1,6 @@
@@ -110,15 +110,15 @@ if (isset($_POST['btnLogin'])) {
 $username=mysqli_real_escape_string($koneksi,$_POST['username']);
 $password=mysqli_real_escape_string($koneksi,$_POST['password']);
- //validasi captcha - DISABLED SEMENTARA UNTUK DEBUG
- // if ($_POST["captcha_input"] != $_SESSION["captcha_code"]) {
- // echo "";
- // exit;
- // }
+ //validasi captcha
+ if ($_POST["captcha_input"] != $_SESSION["captcha_code"]) {
+ echo "";
+ exit;
+ }
 //query login
 $sql_login = "SELECT * FROM tb_pengguna WHERE username='$username' AND password=MD5('$password')";
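Review bot: The added `$password_hash = MD5($_POST['password']);` in admin/pengguna/add_pengguna.php stores an unsalted, fast digest, which gives little protection if tb_pengguna is ever disclosed. `password_hash()` is the right primitive here, with login.php changed from `password=MD5('$password')` to fetching the row by username and calling `password_verify()`. The INSERT in the same hunk still concatenates `$_POST['nama_pengguna']`, `$_POST['username']` and the `$level_db` fallback (raw `$_POST['level']`) into the SQL string, so it remains injectable; a prepared statement closes that. The password column's width is not visible here and must fit the longer hash, and existing MD5 rows would need a migration path. The enclosing block starts and ends outside the hunk.

```php
//mulai proses simpan data
$password_hash = password_hash($_POST['password'], PASSWORD_DEFAULT);
$stmt = mysqli_prepare(
    $koneksi,
    "INSERT INTO tb_pengguna (nama_pengguna,username,password,level) VALUES (?, ?, ?, ?)"
);
mysqli_stmt_bind_param($stmt, 'ssss', $_POST['nama_pengguna'], $_POST['username'], $password_hash, $level_db);
$query_simpan = mysqli_stmt_execute($stmt);
// … unchanged: mysqli_close($koneksi) …
```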
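Review bot: The restored check `$_POST["captcha_input"] != $_SESSION["captcha_code"]` in login.php uses a loose comparison on values that may both be unset, so a request without `captcha_input` in a session that never had a `captcha_code` compares null with null and is let through. Both values should be required and compared strictly, e.g. `if (empty($_SESSION['captcha_code']) || !isset($_POST['captcha_input']) || !hash_equals((string)$_SESSION['captcha_code'], (string)$_POST['captcha_input'])) {`. Adding `unset($_SESSION['captcha_code']);` once the code has been checked keeps a solved code from being accepted a second time. The `if (isset($_POST['btnLogin']))` block continues outside the hunk.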