sidak/login.php
wartana f44ca2bd62 Fix password hashing in user creation and re-enable captcha
- Hash passwords with MD5 in add_pengguna.php
- Re-enable captcha validation in login.php
- Disable error reporting in production
2026-01-22 08:04:32 +08:00


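<?php
/*
 * Bootstrap for the login page: keeps PHP diagnostics out of the response,
 * loads the database connection and starts the session before any markup is
 * sent.
 */

// Diagnostics belong in the server log, not in the rendered page. For local
// debugging only, temporarily switch to error_reporting(E_ALL) and
// display_errors = 1.
ini_set('display_errors', '0');

// Buffer the page so code that runs after the markup (the login handler at the
// bottom of this file) is still able to send headers.
ob_start();

// The page cannot work without the connection, so fail hard instead of
// continuing after a warning as `include` would.
// presumably this file defines $koneksi (the mysqli link used by the handler below) - verify
require "inc/koneksi.php";

// Harden the session cookie before the session starts.
ini_set('session.use_strict_mode', '1');   // refuse session ids the server did not issue
ini_set('session.cookie_httponly', '1');   // keep the cookie away from page scripts
ini_set('session.cookie_samesite', 'Lax'); // ignored by PHP versions that lack the directive
// NOTE(review): also enable session.cookie_secure once the site is served over
// HTTPS only; the deployment scheme is not visible from this file.
session_start();
?>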
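<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <title>login | SIDAK</title>
  <link rel="icon" href="dist/img/izin.png">
  <!-- Tell the browser to be responsive to screen width -->
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <!-- Font Awesome -->
  <link rel="stylesheet" href="plugins/fontawesome-free/css/all.min.css">
  <?php /* NOTE(review): the Ionicons and Google Fonts stylesheets below are fetched
           from third-party hosts on the login page without Subresource Integrity.
           Consider serving them from plugins/ like the other assets, or pinning
           them with an integrity attribute. */ ?>
  <!-- Ionicons -->
  <link rel="stylesheet" href="https://code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css">
  <!-- icheck bootstrap -->
  <link rel="stylesheet" href="plugins/icheck-bootstrap/icheck-bootstrap.min.css">
  <!-- Theme style -->
  <link rel="stylesheet" href="dist/css/adminlte.min.css">
  <!-- Modern CSS -->
  <link rel="stylesheet" href="dist/css/modern.css">
  <!-- Google Font: Source Sans Pro -->
  <link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet">
</head>
<body class="hold-transition login-page">
  <div class="login-box">
    <div class="login-logo">
    </div>
    <!-- /.login-logo -->
    <div class="card">
      <div class="card-body login-card-body">
        <center>
          <img src="dist/img/izin.png" width="170" />
          <br>
          <br>
          <h5>
            <b>Sistem Data Kependudukan</b>
          </h5>
          <br>
        </center>
        <?php /* `required` is enforced by the browser only; the server-side handler
                 must validate every field again. */ ?>
        <form action="" method="post">
          <div class="input-group mb-3">
            <input type="text" class="form-control" name="username" placeholder="Username" autocomplete="username" required>
            <div class="input-group-append">
              <div class="input-group-text">
                <span class="fas fa-user"></span>
              </div>
            </div>
          </div>
          <div class="input-group mb-3">
            <input type="password" class="form-control" name="password" placeholder="Password" autocomplete="current-password" required>
            <div class="input-group-append">
              <div class="input-group-text">
                <span class="fas fa-lock"></span>
              </div>
            </div>
          </div>
          <div class="input-group mb-3">
            <input type="text" class="form-control" name="captcha_input" placeholder="Masukkan kode captcha" autocomplete="off" required>
            <div class="input-group-append">
              <div class="input-group-text">
                <img src="inc/captcha.php" alt="CAPTCHA">
              </div>
            </div>
          </div>
          <div class="row">
            <div class="col-12">
              <button type="submit" class="btn btn-danger btn-block btn-flat" name="btnLogin" title="Masuk Sistem">
                <b>Login System</b>
              </button>
            </div>
          </div>
        </form>
      </div>
    </div>
  </div>
  <!-- /.login-box -->
  <!-- jQuery -->
  <script src="plugins/jquery/jquery.min.js"></script>
  <!-- Bootstrap 4 -->
  <script src="plugins/bootstrap/js/bootstrap.bundle.min.js"></script>
  <!-- AdminLTE App -->
  <script src="dist/js/adminlte.min.js"></script>
  <!-- Alert -->
  <script src="plugins/alert.js"></script>
</body>
</html>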
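<?php
/*
 * Login handler. Runs when the form is posted with btnLogin:
 *   1. checks the captcha answer against the code stored in the session,
 *   2. looks the user up in tb_pengguna with a prepared statement,
 *   3. on a single match fills the ses_* session keys and shows a success
 *      dialog that leads to index.php; otherwise shows a failure dialog that
 *      leads back to login.php.
 * Expects $koneksi (mysqli link) and a started session from the top of the file.
 */
if (isset($_POST['btnLogin'])) {
    // Emits the SweetAlert dialog. Every value is JSON-encoded with the HEX
    // flags, so no text can terminate the string literal or the <script>
    // element it is written into.
    $showAlert = static function ($title, $text, $icon, $target) {
        $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
        $options = json_encode(
            [
                'title' => $title,
                'text' => $text,
                'icon' => $icon,
                'confirmButtonText' => 'OK',
            ],
            $flags
        );
        $url = json_encode($target, $flags);
        echo "<script>
Swal.fire({$options}).then((result) => {if (result.value)
{window.location = {$url};}
})</script>";
    };

    // --- captcha validation ---------------------------------------------
    // Only plain strings are accepted. An absent session code must never match
    // an empty submission, which the loose `!=` comparison allowed.
    $captchaInput = (isset($_POST['captcha_input']) && is_string($_POST['captcha_input']))
        ? $_POST['captcha_input']
        : '';
    $captchaCode = (isset($_SESSION['captcha_code']) && is_scalar($_SESSION['captcha_code']))
        ? (string) $_SESSION['captcha_code']
        : '';
    // Single use: one solved captcha must not cover further login attempts.
    unset($_SESSION['captcha_code']);

    if ($captchaInput === '' || $captchaCode === '' || !hash_equals($captchaCode, $captchaInput)) {
        $showAlert('Login Gagal', 'Kode Captcha Salah', 'error', 'login.php');
        exit;
    }

    // --- credential lookup ----------------------------------------------
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    $data_login = null; // matched row, or null when the login is rejected
    $db_failed = false; // true when the lookup itself could not be completed

    // NOTE(review): unsalted MD5 is kept only because the stored hashes use it
    // (the commit message says add_pengguna.php hashes with MD5). It is not a
    // suitable password hash; migrate storage and verification to
    // password_hash() / password_verify().
    $sql_login = "SELECT id_pengguna, nama_pengguna, username, password, level "
        . "FROM tb_pengguna WHERE username = ? AND password = MD5(?)";

    try {
        // Bound parameters keep user input out of the SQL text altogether,
        // independent of the connection character set.
        $stmt = mysqli_prepare($koneksi, $sql_login);
        if ($stmt === false) {
            $db_failed = true;
            error_log('login.php: prepare failed: ' . mysqli_error($koneksi));
        } else {
            mysqli_stmt_bind_param($stmt, 'ss', $username, $password);
            if (mysqli_stmt_execute($stmt) && mysqli_stmt_store_result($stmt)) {
                // Same rule as before: exactly one matching row is a login.
                if ((int) mysqli_stmt_num_rows($stmt) === 1) {
                    mysqli_stmt_bind_result($stmt, $id_pengguna, $nama_pengguna, $db_username, $db_password, $level);
                    if (mysqli_stmt_fetch($stmt)) {
                        $data_login = [
                            'id_pengguna' => $id_pengguna,
                            'nama_pengguna' => $nama_pengguna,
                            'username' => $db_username,
                            'password' => $db_password,
                            'level' => $level,
                        ];
                    }
                }
            } else {
                $db_failed = true;
                error_log('login.php: query failed: ' . mysqli_stmt_error($stmt));
            }
            mysqli_stmt_close($stmt);
        }
    } catch (mysqli_sql_exception $e) {
        // mysqli may be configured to throw instead of returning false.
        $db_failed = true;
        error_log('login.php: query failed: ' . $e->getMessage());
    }

    if ($data_login !== null) {
        // Issue a fresh session id on privilege change so an id known before
        // login is useless afterwards. This handler runs after the markup, so
        // the id can only be replaced while headers are still unsent (output
        // buffering active); moving the handler above the HTML makes this
        // unconditional.
        if (!headers_sent()) {
            session_regenerate_id(true);
        }

        $_SESSION["ses_id"] = $data_login["id_pengguna"];
        $_SESSION["ses_nama"] = $data_login["nama_pengguna"];
        $_SESSION["ses_username"] = $data_login["username"];
        // NOTE(review): the password hash is copied into the session only for
        // compatibility with pages that may read ses_password; drop it once no
        // page depends on it.
        $_SESSION["ses_password"] = $data_login["password"];
        $_SESSION["ses_level"] = $data_login["level"];

        $showAlert('Login Berhasil', '', 'success', 'index.php');
    } else {
        // Database details stay in the server log; the user sees a generic
        // message in either case.
        $error_msg = $db_failed
            ? 'Terjadi kesalahan pada sistem. Silakan coba lagi.'
            : 'Username atau password salah';
        $showAlert('Login Gagal', $error_msg, 'error', 'login.php');
    }
}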