Merge branch 'main' of https://git-eng.ukwms.ac.id/2526-web/Kelompok02-Memory-Card

2025-12-15 23:18:07 +07:00 · 2025-12-15 23:18:07 +07:00 · 1fd4ece237
commit 1fd4ece237
parent a66c14daa8 48638451a2
2 changed files with 61 additions and 48 deletions
--- a/Config.php
+++ b/Config.php
@ -1,12 +1,13 @@
 <?php
+
 $host = "localhost";
 $user = "root";
 $password = "";
 $database = "users_db";

-$conn = mysqli_connect($host, $user, $password, $database);
+$conn = new mysqli($host, $user, $password, $database);

-if (!$conn) {
-    die("Koneksi gagal: " . mysqli_connect_error());
+if ($conn->connect_error) {
+    die("Koneksi gagal: " . $conn->connect_error);
 }
 ?>
--- a/auth.php
+++ b/auth.php
@ -1,8 +1,18 @@
 <?php
 session_start();
-require_once "Config.php";
+require_once "config.php";

-// ===================== REGISTER =====================
+/* =====================================================
+   JANGAN AKSES auth.php LANGSUNG
+===================================================== */
+if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
+    header("Location: index.php");
+    exit;
+}
+
+/* =====================================================
+   REGISTER
+===================================================== */
 if (isset($_POST['btn-register'])) {

    $username = trim($_POST['username']);
@ -10,71 +20,73 @@ if (isset($_POST['btn-register'])) {
    $password = $_POST['password'];
    $confirm  = $_POST['confirm_password'];

-    // validasi
-    if (!$username || !$email || !$password || !$confirm) {
-        header("Location: index.php?error=kosong");
-        exit;
-    }
-
-    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
-        header("Location: index.php?error=email");
-        exit;
-    }
-
-    if (strlen($password) < 6) {
-        header("Location: index.php?error=pass");
+    // Validasi sederhana
+    if (empty($username) || empty($email) || empty($password) || empty($confirm)) {
+        $_SESSION['error'] = "Semua kolom wajib diisi!";
+        header("Location: index.php");
        exit;
    }

    if ($password !== $confirm) {
-        header("Location: index.php?error=confirm");
+        $_SESSION['error'] = "Konfirmasi password tidak cocok!";
+        header("Location: index.php");
        exit;
    }

-    // cek user
-    $cek = mysqli_prepare($conn, "SELECT id FROM users WHERE username=? OR email=?");
-    mysqli_stmt_bind_param($cek, "ss", $username, $email);
-    mysqli_stmt_execute($cek);
-    mysqli_stmt_store_result($cek);
+    // Cek user sudah ada atau belum
+    $cek = $conn->prepare("SELECT id FROM users WHERE username=? OR email=?");
+    $cek->bind_param("ss", $username, $email);
+    $cek->execute();
+    $cek->store_result();

-    if (mysqli_stmt_num_rows($cek) > 0) {
-        header("Location: index.php?error=exist");
+    if ($cek->num_rows > 0) {
+        $_SESSION['error'] = "Username atau Email sudah terdaftar!";
+        header("Location: index.php");
        exit;
    }
+    $cek->close();

-    mysqli_stmt_close($cek);
-
-    // simpan
+    // Insert ke database
    $hash = password_hash($password, PASSWORD_DEFAULT);
-    $insert = mysqli_prepare($conn, "INSERT INTO users (username,email,password) VALUES (?,?,?)");
-    mysqli_stmt_bind_param($insert, "sss", $username, $email, $hash);
-    mysqli_stmt_execute($insert);
-    mysqli_stmt_close($insert);
+    $insert = $conn->prepare("INSERT INTO users (username, email, password) VALUES (?, ?, ?)");
+    $insert->bind_param("sss", $username, $email, $hash);

-    header("Location: index.php?success=register");
+    if ($insert->execute()) {
+        $_SESSION['success'] = "Registrasi berhasil! Silakan login.";
+    } else {
+        $_SESSION['error'] = "Terjadi kesalahan sistem: " . $conn->error;
+    }
+
+    $insert->close();
+    header("Location: index.php"); // Kembali ke index
    exit;
 }

-// ===================== LOGIN =====================
+/* =====================================================
+   LOGIN
+===================================================== */
 if (isset($_POST['btn-login'])) {

-    $username = $_POST['username'];
+    $username = trim($_POST['username']);
    $password = $_POST['password'];

-    $stmt = mysqli_prepare($conn, "SELECT * FROM users WHERE username=?");
-    mysqli_stmt_bind_param($stmt, "s", $username);
-    mysqli_stmt_execute($stmt);
+    $stmt = $conn->prepare("SELECT * FROM users WHERE username=?");
+    $stmt->bind_param("s", $username);
+    $stmt->execute();

-    $result = mysqli_stmt_get_result($stmt);
-    $user = mysqli_fetch_assoc($result);
+    $result = $stmt->get_result();
+    $user = $result->fetch_assoc();

-    if (!$user || !password_verify($password, $user['password'])) {
-        header("Location: index.php?error=login");
+    if ($user && password_verify($password, $user['password'])) {
+        // Login Sukses
+        $_SESSION['user'] = $user;
+        header("Location: mainboard.php"); // Pastikan file ini ada!
+        exit;
+    } else {
+        // Login Gagal
+        $_SESSION['error'] = "Username atau Password salah!";
+        header("Location: index.php");
        exit;
    }
-
-    $_SESSION['user'] = $user;
-
-    header("Location: mainboard.php");
-    exit;
 }
+?>