fear:revisi_login_php

login.php

@@ -1,45 +1,27 @@
 <?php
-
-//untuk halaman login
 include "koneksi.php";
-if (isset($_POST['username']))
-{
- $username=$_POST['username'];	
-}
-else $username ='';
-if (isset($_POST['password']))
-{
- $password=$_POST['password'];	
-}
-else $password ='';
-if ($username!='' || $password!='')
-{
-  $stmt = mysqli_prepare($conn,"select * from user where username=? and password=?");
-  $enc=md5($password);
-  mysqli_stmt_bind_param($stmt,"ss", $username,$enc);
-  mysqli_stmt_execute($stmt);
- 
-  $result = mysqli_stmt_get_result($stmt);
-  if ($row=mysqli_fetch_assoc($result))
-  {
-	  echo "Login sukses";
-	  $_session['firstname'] = $row['firstname']; //simpan session firstname
-	  $_session['lastname'] = $row['lastname'];
-	  header("Location:dashboard.php"); //untuk pindah ke halaman dashboard.php
-	  
-	  echo "firstname:".$row['firstname']."<br>";//kalo di file yang sama
-	  echo "lastname:".$row['lastname']."<br>";
-  }
-  else echo "Username/password salah";
-}
-?>
 
-<html>
+$username = $_POST['username'];
-<body>
+$password = $_POST['password'];
- <form method="POST">
+
-	Username: <input type="text" name="username"><br>
+$query = mysqli_query($conn, "SELECT * FROM users WHERE username='$username'");
-	Password:<input type="password" name="password"><br>
+$user = mysqli_fetch_assoc($query);
-	<input type="submit">
+
- </form>
+if (!$user) {
-</body>
+    echo json_encode(["status" => "error", "msg" => "Username tidak ditemukan"]);
-</html>
+    exit;
+}
+
+if ($user["password"] !== $password) {
+    echo json_encode(["status" => "error", "msg" => "Password salah"]);
+    exit;
+}
+
+echo json_encode([
+    "status" => "success",
+    "id" => $user["id"],
+    "username" => $user["username"],
+    "email" => $user["email"],
+    "role" => $user["role"]
+]);
+?>