diff --git a/Sudoku.html b/Sudoku.php similarity index 99% rename from Sudoku.html rename to Sudoku.php index 06e7fc8..081ac6f 100644 --- a/Sudoku.html +++ b/Sudoku.php @@ -1,3 +1,19 @@ + + + + + Sudoku + + + Sudoku diff --git a/db.php b/db.php new file mode 100644 index 0000000..2d90421 --- /dev/null +++ b/db.php @@ -0,0 +1,21 @@ + PDO::ERRMODE_EXCEPTION, + PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, + PDO::ATTR_EMULATE_PREPARES => false, +]; + +try { + // Membuat koneksi PDO + $conn = new PDO($dsn, $user, $pass, $options); +} catch (\PDOException $e) { + throw new \PDOException($e->getMessage(), (int)$e->getCode()); +} +?> \ No newline at end of file diff --git a/login.php b/login.php index 01ac3d4..88e48a6 100644 --- a/login.php +++ b/login.php 
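Review bot: The catch in db.php rethrows `new \PDOException($e->getMessage(), (int)$e->getCode())`, which discards the original exception and gains nothing over letting it propagate, while login.php and register.php still run with `ini_set('display_errors', 1)` so an uncaught connection failure prints the driver message (host, user, possibly DSN details) straight to the browser. Log the detail server-side and surface a generic error instead: `error_log('DB connection failed: ' . $e->getMessage()); throw new \RuntimeException('Database unavailable.', 0, $e);`. The `$dsn`/`$user`/`$pass` assignments that precede `new PDO($dsn, $user, $pass, $options)` are not visible in this extract; if they are literals in a file under the web root, confirm the server never serves db.php as plain text, or move the credentials to the environment or a file outside the document root.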
@@ -2,38 +2,51 @@ ini_set('display_errors', 1); error_reporting(E_ALL); +include 'db.php'; // Pastikan file koneksi PDO Anda benar + session_start(); -$dbFile = __DIR__ . '/users.sqlite'; -$redirectAfterLogin = 'sudoku.php'; +$err = ''; +$username_input = ''; // Untuk menyimpan username agar tidak hilang jika salah password -try { - $pdo = new PDO('sqlite:' . $dbFile); - $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); -} catch (Exception $e) { - die("DB Error: " . $e->getMessage()); -} - -$err = ""; - -if ($_SERVER['REQUEST_METHOD'] === 'POST') { - $user = trim($_POST['username'] ?? ''); +if (isset($_POST['login'])) { + $username_input = trim($_POST['username'] ?? ''); $pass = $_POST['password'] ?? ''; - if ($user === '' || $pass === '') { - $err = "Isi username dan password."; + if ($username_input === '' || $pass === '') { + $err = "Username dan password harus diisi."; } else { - $stmt = $pdo->prepare("SELECT * FROM users WHERE username = :u LIMIT 1"); - $stmt->execute([':u' => $user]); - $row = $stmt->fetch(PDO::FETCH_ASSOC); + try { + // 1. Ambil data user berdasarkan username + // Menggunakan Prepared Statement (Aman dari SQL Injection) + $stmt = $conn->prepare("SELECT id, username, password FROM users WHERE username = ?"); + $stmt->execute([$username_input]); + $user_data = $stmt->fetch(PDO::FETCH_ASSOC); - if ($row && password_verify($pass, $row['password'])) { - session_regenerate_id(true); - $_SESSION['user'] = $row['username']; - header("Location: $redirectAfterLogin"); - exit; - } else { - $err = "Username atau password salah."; + // 2. Verifikasi Password + // password_verify akan mencocokkan input user dengan HASH di database (seperti milik 'bejo') + if ($user_data && password_verify($pass, $user_data['password'])) { + + // Login Berhasil! 
+ + // Regenerasi ID Session (Security Best Practice) + session_regenerate_id(true); + + // Simpan data ke session + $_SESSION['user_id'] = $user_data['id']; + $_SESSION['username'] = $user_data['username']; + $_SESSION['login'] = true; + + // Arahkan ke halaman game (sesuai gambar pertama Anda) + header("Location: sudoku.php"); + exit(); + + } else { + $err = "Username atau password salah."; + } + + } catch (PDOException $e) { + $err = "Terjadi kesalahan sistem database."; } } } @@ -42,17 +55,22 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { + Login +
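Review bot: The success redirect `header("Location: sudoku.php");` points at a lowercase filename while this same commit renames the page to `Sudoku.php`, so on a case-sensitive filesystem a successful login lands on a 404; change it to `header("Location: Sudoku.php");` or rename the file to match. `$username_input` is kept so it can be re-rendered in the form; that output is not in this hunk, so make sure it is emitted as `htmlspecialchars($username_input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` inside the `value` attribute, otherwise the login page reflects attacker-controlled markup. The comments `(seperti milik 'bejo')` and `(sesuai gambar pertama Anda)` describe a conversation rather than the code and should be dropped. `session_start()` is still called with default cookie parameters; unless php.ini already sets them, `session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax'])` before it (plus `'secure' => true` once the site is served over HTTPS) keeps the session cookie away from script and cross-site POSTs.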

Login

@@ -60,15 +78,16 @@ body { font-family: Arial; background:#eef2f7; display:flex; height:100vh; justi
-
- - - + + + +
+ - + \ No newline at end of file diff --git a/register.php b/register.php index a98c3e5..28fe1ba 100644 --- a/register.php +++ b/register.php @@ -2,41 +2,25 @@ ini_set('display_errors', 1); error_reporting(E_ALL); +include 'db.php'; // Pastikan $conn ada di sini + session_start(); -$dbFile = __DIR__ . '/users.sqlite'; - -try { - $pdo = new PDO('sqlite:' . $dbFile); - $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); - - // create table if not exists - $pdo->exec(" - CREATE TABLE IF NOT EXISTS users ( - id INTEGER PRIMARY KEY AUTOINCREMENT, - username TEXT UNIQUE NOT NULL, - password TEXT NOT NULL, - created_at DATETIME DEFAULT CURRENT_TIMESTAMP - ) - "); - -} catch (Exception $e) { - die("DB Error: " . $e->getMessage()); -} - -$err = ""; -$ok = ""; +$err = ''; // Variabel untuk pesan error +$ok = ''; // Variabel untuk pesan sukses // Regex password: minimal 6, huruf + angka function password_valid($p) { return preg_match('/^(?=.*[A-Za-z])(?=.*\d).{6,}$/', $p); } -if ($_SERVER['REQUEST_METHOD'] === 'POST') { +if (isset($_POST['register'])) { + // 1. Ambil dan bersihkan input $user = trim($_POST['username'] ?? ''); $pass = $_POST['password'] ?? ''; $pass2 = $_POST['password_confirm'] ?? ''; + // 2. Validasi Input if ($user === '' || $pass === '' || $pass2 === '') { $err = "Semua field harus diisi."; } elseif ($pass !== $pass2) { 
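Review bot: This hunk removes the `CREATE TABLE IF NOT EXISTS users (... username TEXT UNIQUE NOT NULL ...)` bootstrap and nothing in the diff replaces it — db.php only opens the connection — so the UNIQUE constraint on `username`, which the later SQLSTATE `23000` branch relies on to report a taken username, is now an undocumented assumption about a table created elsewhere. Add the schema to the repository (e.g. a `schema.sql` with `username VARCHAR(64) NOT NULL UNIQUE`) or at least a comment next to `include 'db.php'` naming the expected table and constraint. The username itself is only `trim()`ed; with no length or character restriction an arbitrarily long value reaches the database, where, depending on the backend and SQL mode (the DSN is not visible here), it may be silently truncated to the column width and collide with an existing user. Validate it before the password checks, e.g. `if (!preg_match('/^[A-Za-z0-9_]{3,32}$/', $user)) { $err = "Username harus 3-32 karakter huruf, angka, atau _."; }`.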
@@ -45,15 +29,21 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { $err = "Password minimal 6 karakter, harus mengandung huruf & angka."; } else { try { + // 3. Hash Password (Keamanan Kritis!) $hash = password_hash($pass, PASSWORD_DEFAULT); - $stmt = $pdo->prepare("INSERT INTO users (username, password) VALUES (:u, :p)"); - $stmt->execute([':u' => $user, ':p' => $hash]); + + // 4. Prepared Statement (Mencegah SQL Injection) + $stmt = $conn->prepare("INSERT INTO users (username, password) VALUES (?, ?)"); + $stmt->execute([$user, $hash]); // Eksekusi query dengan data + $ok = "Registrasi berhasil, silakan login."; + } catch (PDOException $e) { + // Tangani error jika username sudah ada (Unique Constraint) if ($e->getCode() == "23000") { $err = "Username sudah digunakan."; } else { - $err = "Error: " . $e->getMessage(); + $err = "Error: Terjadi kesalahan saat registrasi database."; } } } @@ -78,14 +68,12 @@ body { font-family: Arial; background:#eef2f7; display:flex; height:100vh; justi
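Review bot: `$e->getCode() == "23000"` matches the whole SQLSTATE integrity-constraint class, not just a duplicate key, so a NOT NULL or foreign-key failure is also reported as "Username sudah digunakan"; `getCode()` on a PDOException is that SQLSTATE string, so compare with `=== '23000'` and, if the backend is MySQL (the DSN in db.php is not visible here), narrow it with the driver code, `(int)($e->errorInfo[1] ?? 0) === 1062`. The generic branch now hides the driver message from the user, which is right, but the detail is discarded entirely — add `error_log('register: ' . $e->getMessage());` before setting `$err` so the failure remains diagnosable. The form markup is stripped from this extract, so I cannot tell whether the `isset($_POST['register'])` gate is backed by a CSRF token; if it is not, a cross-site POST can create accounts.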

Register

-
-
-
+ - +