2526-web/kelompok03-codeplay-Angelica-Rinaldo-Farrel
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

memperbaiki eror di bagian login, register, dan menambahkan database

Browse Source
This commit is contained in:
farrel 2025-12-01 12:10:28 +07:00
parent a8b4da04c6
commit 91b620be1b
5 changed files with 107 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
Sudoku.html → Sudoku.php
View File

@ -1,3 +1,19 @@
<?php
session_start();
if (!isset($_SESSION['username'])) {
header("Location: login.php");
exit;
}
?>
<html>
<head>
<title>Sudoku</title>
<style>
/*CSS kamu tetap sama*/
</style>
</head>
<body>
<html> <html>
<head> <head>
<title>Sudoku</title> <title>Sudoku</title>

21
db.php Normal file
View File

@ -0,0 +1,21 @@
<?php
$host = 'localhost';
$db = 'sudoku'; // Sesuaikan dengan nama database Anda
$user = 'root'; // Default user XAMPP
$pass = ''; // Default password XAMPP (kosong)
$charset = 'utf8mb4';
$dsn = "mysql:host=$host;dbname=$db;charset=$charset";
$options = [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
];
try {
// Membuat koneksi PDO
$conn = new PDO($dsn, $user, $pass, $options);
} catch (\PDOException $e) {
throw new \PDOException($e->getMessage(), (int)$e->getCode());
}
?>

77
login.php
View File

@ -2,39 +2,52 @@
ini_set('display_errors', 1); ini_set('display_errors', 1);
error_reporting(E_ALL); error_reporting(E_ALL);
include 'db.php'; // Pastikan file koneksi PDO Anda benar
session_start(); session_start();
$dbFile = __DIR__ . '/users.sqlite'; $err = '';
$redirectAfterLogin = 'sudoku.php'; $username_input = ''; // Untuk menyimpan username agar tidak hilang jika salah password
try { if (isset($_POST['login'])) {
$pdo = new PDO('sqlite:' . $dbFile); $username_input = trim($_POST['username'] ?? '');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (Exception $e) {
die("DB Error: " . $e->getMessage());
}
$err = "";
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$user = trim($_POST['username'] ?? '');
$pass = $_POST['password'] ?? ''; $pass = $_POST['password'] ?? '';
if ($user === '' || $pass === '') { if ($username_input === '' || $pass === '') {
$err = "Isi username dan password."; $err = "Username dan password harus diisi.";
} else { } else {
$stmt = $pdo->prepare("SELECT * FROM users WHERE username = :u LIMIT 1"); try {
$stmt->execute([':u' => $user]); // 1. Ambil data user berdasarkan username
$row = $stmt->fetch(PDO::FETCH_ASSOC); // Menggunakan Prepared Statement (Aman dari SQL Injection)
$stmt = $conn->prepare("SELECT id, username, password FROM users WHERE username = ?");
$stmt->execute([$username_input]);
$user_data = $stmt->fetch(PDO::FETCH_ASSOC);
if ($row && password_verify($pass, $row['password'])) { // 2. Verifikasi Password
// password_verify akan mencocokkan input user dengan HASH di database (seperti milik 'bejo')
if ($user_data && password_verify($pass, $user_data['password'])) {
// Login Berhasil!
// Regenerasi ID Session (Security Best Practice)
session_regenerate_id(true); session_regenerate_id(true);
$_SESSION['user'] = $row['username'];
header("Location: $redirectAfterLogin"); // Simpan data ke session
exit; $_SESSION['user_id'] = $user_data['id'];
$_SESSION['username'] = $user_data['username'];
$_SESSION['login'] = true;
// Arahkan ke halaman game (sesuai gambar pertama Anda)
header("Location: sudoku.php");
exit();
} else { } else {
$err = "Username atau password salah."; $err = "Username atau password salah.";
} }
} catch (PDOException $e) {
$err = "Terjadi kesalahan sistem database.";
}
} }
} }
?> ?>
@ -42,17 +55,22 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
<html lang="id"> <html lang="id">
<head> <head>
<meta charset="UTF-8"> <meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Login</title> <title>Login</title>
<style> <style>
/* Style disamakan persis dengan register.php Anda */
body { font-family: Arial; background:#eef2f7; display:flex; height:100vh; justify-content:center; align-items:center; margin:0; } body { font-family: Arial; background:#eef2f7; display:flex; height:100vh; justify-content:center; align-items:center; margin:0; }
.card { width:350px; background:white; padding:20px; border-radius:10px; box-shadow:0 6px 20px rgba(0,0,0,0.1); } .card { width:350px; background:white; padding:20px; border-radius:10px; box-shadow:0 6px 20px rgba(0,0,0,0.1); }
.input { width:100%; padding:10px; margin:8px 0; border:1px solid #ccc; border-radius:8px; } .input { width:100%; padding:10px; margin:8px 0; border:1px solid #ccc; border-radius:8px; box-sizing: border-box; }
.btn { width:100%; padding:12px; background:#1e90ff; color:white; border:none; border-radius:8px; cursor:pointer; } .btn { width:100%; padding:12px; background:#007bff; color:white; border:none; border-radius:8px; cursor:pointer; }
.err { color:#d00000; margin-bottom:10px; text-align:center; } .btn:hover { background:#0056b3; }
.err { color:#d00000; margin-bottom:10px; text-align:center; background: #ffe6e6; padding: 5px; border-radius: 5px;}
.link { text-align:center; margin-top:10px; } .link { text-align:center; margin-top:10px; }
a { text-decoration: none; color: #007bff; }
</style> </style>
</head> </head>
<body> <body>
<div class="card"> <div class="card">
<h2>Login</h2> <h2>Login</h2>
@ -60,15 +78,16 @@ body { font-family: Arial; background:#eef2f7; display:flex; height:100vh; justi
<div class="err"><?= htmlspecialchars($err) ?></div> <div class="err"><?= htmlspecialchars($err) ?></div>
<?php endif; ?> <?php endif; ?>
<form method="post"> <form method="POST" action="login.php">
<input class="input" type="text" name="username" placeholder="Username"> <input class="input" type="text" name="username" placeholder="Masukkan Username" value="<?= htmlspecialchars($username_input) ?>" required>
<input class="input" type="password" name="password" placeholder="Password"> <input class="input" type="password" name="password" placeholder="Masukkan Password" required>
<button class="btn" type="submit">Masuk</button> <button class="btn" type="submit" name="login">Masuk</button>
</form> </form>
<div class="link"> <div class="link">
Belum punya akun? <a href="register.php">Daftar</a> Belum punya akun? <a href="register.php">Daftar</a>
</div> </div>
</div> </div>
</body> </body>
</html> </html>

48
register.php
View File

@ -2,41 +2,25 @@
ini_set('display_errors', 1); ini_set('display_errors', 1);
error_reporting(E_ALL); error_reporting(E_ALL);
include 'db.php'; // Pastikan $conn ada di sini
session_start(); session_start();
$dbFile = __DIR__ . '/users.sqlite'; $err = ''; // Variabel untuk pesan error
$ok = ''; // Variabel untuk pesan sukses
try {
$pdo = new PDO('sqlite:' . $dbFile);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// create table if not exists
$pdo->exec("
CREATE TABLE IF NOT EXISTS users (
id INTEGER PRIMARY KEY AUTOINCREMENT,
username TEXT UNIQUE NOT NULL,
password TEXT NOT NULL,
created_at DATETIME DEFAULT CURRENT_TIMESTAMP
)
");
} catch (Exception $e) {
die("DB Error: " . $e->getMessage());
}
$err = "";
$ok = "";
// Regex password: minimal 6, huruf + angka // Regex password: minimal 6, huruf + angka
function password_valid($p) { function password_valid($p) {
return preg_match('/^(?=.*[A-Za-z])(?=.*\d).{6,}$/', $p); return preg_match('/^(?=.*[A-Za-z])(?=.*\d).{6,}$/', $p);
} }
if ($_SERVER['REQUEST_METHOD'] === 'POST') { if (isset($_POST['register'])) {
// 1. Ambil dan bersihkan input
$user = trim($_POST['username'] ?? ''); $user = trim($_POST['username'] ?? '');
$pass = $_POST['password'] ?? ''; $pass = $_POST['password'] ?? '';
$pass2 = $_POST['password_confirm'] ?? ''; $pass2 = $_POST['password_confirm'] ?? '';
// 2. Validasi Input
if ($user === '' || $pass === '' || $pass2 === '') { if ($user === '' || $pass === '' || $pass2 === '') {
$err = "Semua field harus diisi."; $err = "Semua field harus diisi.";
} elseif ($pass !== $pass2) { } elseif ($pass !== $pass2) {
@ -45,15 +29,21 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$err = "Password minimal 6 karakter, harus mengandung huruf & angka."; $err = "Password minimal 6 karakter, harus mengandung huruf & angka.";
} else { } else {
try { try {
// 3. Hash Password (Keamanan Kritis!)
$hash = password_hash($pass, PASSWORD_DEFAULT); $hash = password_hash($pass, PASSWORD_DEFAULT);
$stmt = $pdo->prepare("INSERT INTO users (username, password) VALUES (:u, :p)");
$stmt->execute([':u' => $user, ':p' => $hash]); // 4. Prepared Statement (Mencegah SQL Injection)
$stmt = $conn->prepare("INSERT INTO users (username, password) VALUES (?, ?)");
$stmt->execute([$user, $hash]); // Eksekusi query dengan data
$ok = "Registrasi berhasil, silakan login."; $ok = "Registrasi berhasil, silakan login.";
} catch (PDOException $e) { } catch (PDOException $e) {
// Tangani error jika username sudah ada (Unique Constraint)
if ($e->getCode() == "23000") { if ($e->getCode() == "23000") {
$err = "Username sudah digunakan."; $err = "Username sudah digunakan.";
} else { } else {
$err = "Error: " . $e->getMessage(); $err = "Error: Terjadi kesalahan saat registrasi database.";
} }
} }
} }
@ -78,14 +68,12 @@ body { font-family: Arial; background:#eef2f7; display:flex; height:100vh; justi
<div class="card"> <div class="card">
<h2>Register</h2> <h2>Register</h2>
<?php if ($err): ?><div class="err"><?= htmlspecialchars($err) ?></div><?php endif; ?>
<?php if ($ok): ?><div class="ok"><?= htmlspecialchars($ok) ?></div><?php endif; ?>
<form method="post"> <form method="POST" action="register.php">
<input class="input" type="text" name="username" placeholder="Masukkan Username"> <input class="input" type="text" name="username" placeholder="Masukkan Username">
<input class="input" type="password" name="password" placeholder="Masukkan Password"> <input class="input" type="password" name="password" placeholder="Masukkan Password">
<input class="input" type="password" name="password_confirm" placeholder="Konfirmasi Password"> <input class="input" type="password" name="password_confirm" placeholder="Konfirmasi Password">
<button class="btn" type="submit">Daftar</button> <button class="btn" type="submit" name="register">Daftar</button>
</form> </form>
<div class="link"> <div class="link">

BIN
users.sqlite Normal file
View File

Binary file not shown.