From 13c0a8a7dd7be95938b3aec4e7bcbd8b0bcdaefd Mon Sep 17 00:00:00 2001
From: ody <audychan8@gmail.com>
Date: Wed, 3 Dec 2025 18:28:08 +0700
Subject: [PATCH] ubah fix

---
 register.php | 257 +++++++++++++++++++++++++++++----------------------
 1 file changed, 147 insertions(+), 110 deletions(-)

diff --git a/register.php b/register.php
index 6831756..0083ebc 100644
--- a/register.php
+++ b/register.php
@@ -1,141 +1,178 @@
 <?php
-include 'koneksi.php';
+include "koneksi.php";
+session_start();
 
-$success = false;
+/* ==========================================================
+   ======================= LOGIN ============================
+   ========================================================== */
 
-if (isset($_POST['register'])) {
-    $username = $_POST['username'];
+$error = "";
+if (isset($_POST['login'])) {
+    $username = mysqli_real_escape_string($conn, $_POST['username']);
     $password = $_POST['password'];
 
-    // basic escaping to avoid simple injection (keep consistent with existing style)
-    $username = mysqli_real_escape_string($conn, $username);
-    $password = mysqli_real_escape_string($conn, $password);
+    // PENTING: ambil kolom bank, bukan balance
+    $sql = "SELECT id, username, password, bank FROM users WHERE username = ?";
+    $stmt = mysqli_prepare($conn, $sql);
+    mysqli_stmt_bind_param($stmt, "s", $username);
+    mysqli_stmt_execute($stmt);
+    $result = mysqli_stmt_get_result($stmt);
 
-    // insert with initial balance = 0
-    $SQL = "INSERT INTO users (username, password, balance) VALUES ('$username', '$password', 0)";
-    $result = mysqli_query($conn, $SQL);
+    if (mysqli_num_rows($result) > 0) {
+        $user = mysqli_fetch_assoc($result);
 
-    if ($result) {
-        $success = true;
+        if ($password === $user['password']) {
+
+            // Set SESSION
+            $_SESSION['user_id']  = $user['id'];
+            $_SESSION['username'] = $user['username'];
+            $_SESSION['bank']     = intval($user['bank']); // PASTIKAN integer
+
+            // Update last login
+            $update_sql = "UPDATE users SET last_login = NOW() WHERE id = ?";
+            $update_stmt = mysqli_prepare($conn, $update_sql);
+            mysqli_stmt_bind_param($update_stmt, "i", $user['id']);
+            mysqli_stmt_execute($update_stmt);
+
+            // Masuk ke game page
+            header("Location: html.php");
+            exit;
+        } else {
+            $error = "Invalid username or password";
+        }
+    } else {
+        $error = "Invalid username or password";
+    }
+    mysqli_stmt_close($stmt);
+}
+
+/* ==========================================================
+   ======================= REGISTER ==========================
+   ========================================================== */
+
+$success = "";
+if (isset($_POST['register'])) {
+
+    $username = mysqli_real_escape_string($conn, $_POST['username']);
+    $password = $_POST['password'];
+    $confirm  = $_POST['confirm_password'];
+
+    if (empty($username) || empty($password)) {
+        $error = "All fields are required.";
+    } elseif ($password !== $confirm) {
+        $error = "Passwords do not match.";
+    } elseif (strlen($password) < 6) {
+        $error = "Password must be at least 6 characters.";
+    } else {
+
+        // cek username sudah ada
+        $check_sql = "SELECT id FROM users WHERE username = ?";
+        $check_stmt = mysqli_prepare($conn, $check_sql);
+        mysqli_stmt_bind_param($check_stmt, "s", $username);
+        mysqli_stmt_execute($check_stmt);
+        mysqli_stmt_store_result($check_stmt);
+
+        if (mysqli_stmt_num_rows($check_stmt) > 0) {
+            $error = "Username already exists.";
+
+        } else {
+
+            // simpan password plain text (testing)
+            $hashed = $password;
+
+            // Insert user baru — gunakan kolom bank!
+            $insert_sql = "INSERT INTO users (username, password, bank, created_at)
+                           VALUES (?, ?, 1000, NOW())";
+            $insert_stmt = mysqli_prepare($conn, $insert_sql);
+            mysqli_stmt_bind_param($insert_stmt, "ss", $username, $hashed);
+
+            if (mysqli_stmt_execute($insert_stmt)) {
+
+                $success = "Registration successful. You may login.";
+
+                // Auto-login
+                $new_id = mysqli_insert_id($conn);
+                $_SESSION['user_id'] = $new_id;
+                $_SESSION['username'] = $username;
+                $_SESSION['bank'] = 1000;
+
+                header("Location: html.php");
+                exit;
+            } else {
+                $error = "Registration failed. Try again.";
+            }
+        }
     }
 }
 
 ?>
 
 <!DOCTYPE html>
-<html lang="en">
-
+<html>
 <head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>OCA Gaming Hub - Login</title>
+    <title>Login / Register</title>
     <link rel="stylesheet" href="login.css">
 </head>
 
 <body>
-    <div class="container">
-        <div class="logo">
-            <h1>♠ OCA GAMING HUB ♠</h1>
-            <p>BLACKJACK 21 CARD GAME</p>
-        </div>
+<div class="container">
 
-        <div class="form-container">
-            <div class="card-icon">🂡</div>
-
-            <?php if ($success): ?>
-                <div class="success-message show">Register Success!</div>
-                <script>
-                    setTimeout(function() {
-                        window.location.href = 'loginn.php';
-                    }, 2000);
-                </script>
-            <?php else: ?>
-            <!-- Sign Up Page -->
-            <form action ="register.php" method="POST">
-                <div class="form-group">
-                    <label for="username">Username</label>
-                    <input id="username" type="text" name="username" required>
-                </div>
-
-                <div class="form-group">
-                    <label for="password">Password</label>
-                    <input id="password" type="password" name="password" required>
-                </div>
-
-                <div class="button-group">
-                    <button type="submit" name="register" class="btn btn-register">Register</button>
-                </div>
-            </form>
-            <?php endif; ?>
-        </div>
+    <div class="logo">
+        <h1>OCAGamingHub</h1>
+        <p>Sign in or create account</p>
     </div>
 
-    <script>
-        function goToMain() {
-            document.getElementById('mainPage').style.display = 'block';
-            document.getElementById('signupForm').style.display = 'none';
-            // Clear messages
-            document.getElementById('mainMessage').classList.remove('show');
-            document.getElementById('mainError').classList.remove('show');
-        }
+    <div class="form-container">
 
-        function goToSignUp() {
-            document.getElementById('mainPage').style.display = 'none';
-            document.getElementById('signupForm').style.display = 'block';
-        }
+        <?php if (!empty($error)): ?>
+            <div class="error-message show"><?= htmlspecialchars($error) ?></div>
+        <?php endif; ?>
 
-        // Login handler: validate input and show messages
-        function handleLogin() {
-            const username = document.getElementById('mainUsername').value.trim();
-            const password = document.getElementById('mainPassword').value.trim();
-            const successEl = document.getElementById('mainMessage');
-            const errorEl = document.getElementById('mainError');
+        <?php if (!empty($success)): ?>
+            <div class="success-message show"><?= htmlspecialchars($success) ?></div>
+        <?php endif; ?>
 
-            // Reset messages
-            successEl.classList.remove('show');
-            errorEl.classList.remove('show');
+        <!-- ================== LOGIN FORM ================== -->
+        <form method="POST">
+            <h2>Login</h2>
+            <div class="form-group">
+                <label>Username</label>
+                <input type="text" name="username">
+            </div>
 
-            if (!username || !password) {
-                errorEl.textContent = 'Please enter both username and password.';
-                errorEl.classList.add('show');
-                return;
-            }
+            <div class="form-group">
+                <label>Password</label>
+                <input type="password" name="password">
+            </div>
 
-            // Simulate login (replace with real auth as needed)
-            if (username.toLowerCase() === 'admin' && password === 'admin') {
-                successEl.textContent = `Welcome back, ${username}! Redirecting...`;
-                successEl.classList.add('show');
-                setTimeout(() => {
-                    alert('Logged in as ' + username + '. (Simulated)');
-                    // Example: redirect to game/dashboard page
-                    // window.location.href = 'dashboard.html';
-                }, 800);
-            } else {
-                errorEl.textContent = 'Invalid username or password.';
-                errorEl.classList.add('show');
-            }
-        }
+            <button type="submit" name="login" class="btn btn-signin">Login</button>
+        </form>
 
-        // Signup Form Handler
-        document.getElementById('signupForm').addEventListener('submit', function (e) {
-            e.preventDefault();
-            const username = document.getElementById('signupUsername').value;
-            const email = document.getElementById('signupEmail').value;
-            const password = document.getElementById('signupPassword').value;
+        <hr>
 
-            if (username && email && password) {
-                const message = document.getElementById('signupMessage');
-                message.textContent = `✓ Account created successfully for ${username}!`;
-                message.classList.add('show');
+        <!-- ================== REGISTER FORM ================== -->
+        <form method="POST">
+            <h2>Register</h2>
 
-                setTimeout(() => {
-                    alert(`Account created!\nUsername: ${username}\nEmail: ${email}`);
-                    // Add your redirect here
-                    goToMain();
-                }, 1500);
-            }
-        });
-    </script>
+            <div class="form-group">
+                <label>Username</label>
+                <input type="text" name="username">
+            </div>
+
+            <div class="form-group">
+                <label>Password</label>
+                <input type="password" name="password">
+            </div>
+
+            <div class="form-group">
+                <label>Confirm Password</label>
+                <input type="password" name="confirm_password">
+            </div>
+
+            <button type="submit" name="register" class="btn btn-signup">Create Account</button>
+        </form>
+
+    </div>
+</div>
 </body>
-
 </html>
\ No newline at end of file