memperbaiki eror di bagian login, register, dan menambahkan database
This commit is contained in:
farrel
parent
a8b4da04c6
commit
91b620be1b
@ -1,3 +1,19 @@
|
||||
<?php
|
||||
session_start();
|
||||
if (!isset($_SESSION['username'])) {
|
||||
header("Location: login.php");
|
||||
exit;
|
||||
}
|
||||
?>
|
||||
|
||||
<html>
|
||||
<head>
|
||||
<title>Sudoku</title>
|
||||
<style>
|
||||
/*CSS kamu tetap sama*/
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<html>
|
||||
<head>
|
||||
<title>Sudoku</title>
|
||||
21
db.php
Normal file
21
db.php
Normal file
@ -0,0 +1,21 @@
|
||||
<?php
|
||||
$host = 'localhost';
|
||||
$db = 'sudoku'; // Sesuaikan dengan nama database Anda
|
||||
$user = 'root'; // Default user XAMPP
|
||||
$pass = ''; // Default password XAMPP (kosong)
|
||||
$charset = 'utf8mb4';
|
||||
|
||||
$dsn = "mysql:host=$host;dbname=$db;charset=$charset";
|
||||
$options = [
|
||||
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
|
||||
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
|
||||
PDO::ATTR_EMULATE_PREPARES => false,
|
||||
];
|
||||
|
||||
try {
|
||||
// Membuat koneksi PDO
|
||||
$conn = new PDO($dsn, $user, $pass, $options);
|
||||
} catch (\PDOException $e) {
|
||||
throw new \PDOException($e->getMessage(), (int)$e->getCode());
|
||||
}
|
||||
?>
|
||||
77
login.php
77
login.php
@ -2,39 +2,52 @@
|
||||
ini_set('display_errors', 1);
|
||||
error_reporting(E_ALL);
|
||||
|
||||
include 'db.php'; // Pastikan file koneksi PDO Anda benar
|
||||
|
||||
session_start();
|
||||
|
||||
$dbFile = __DIR__ . '/users.sqlite';
|
||||
$redirectAfterLogin = 'sudoku.php';
|
||||
$err = '';
|
||||
$username_input = ''; // Untuk menyimpan username agar tidak hilang jika salah password
|
||||
|
||||
try {
|
||||
$pdo = new PDO('sqlite:' . $dbFile);
|
||||
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||
} catch (Exception $e) {
|
||||
die("DB Error: " . $e->getMessage());
|
||||
}
|
||||
|
||||
$err = "";
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
$user = trim($_POST['username'] ?? '');
|
||||
if (isset($_POST['login'])) {
|
||||
$username_input = trim($_POST['username'] ?? '');
|
||||
$pass = $_POST['password'] ?? '';
|
||||
|
||||
if ($user === '' || $pass === '') {
|
||||
$err = "Isi username dan password.";
|
||||
if ($username_input === '' || $pass === '') {
|
||||
$err = "Username dan password harus diisi.";
|
||||
} else {
|
||||
$stmt = $pdo->prepare("SELECT * FROM users WHERE username = :u LIMIT 1");
|
||||
$stmt->execute([':u' => $user]);
|
||||
$row = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||
try {
|
||||
// 1. Ambil data user berdasarkan username
|
||||
// Menggunakan Prepared Statement (Aman dari SQL Injection)
|
||||
$stmt = $conn->prepare("SELECT id, username, password FROM users WHERE username = ?");
|
||||
$stmt->execute([$username_input]);
|
||||
$user_data = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
if ($row && password_verify($pass, $row['password'])) {
|
||||
// 2. Verifikasi Password
|
||||
// password_verify akan mencocokkan input user dengan HASH di database (seperti milik 'bejo')
|
||||
if ($user_data && password_verify($pass, $user_data['password'])) {
|
||||
|
||||
// Login Berhasil!
|
||||
|
||||
// Regenerasi ID Session (Security Best Practice)
|
||||
session_regenerate_id(true);
|
||||
$_SESSION['user'] = $row['username'];
|
||||
header("Location: $redirectAfterLogin");
|
||||
exit;
|
||||
|
||||
// Simpan data ke session
|
||||
$_SESSION['user_id'] = $user_data['id'];
|
||||
$_SESSION['username'] = $user_data['username'];
|
||||
$_SESSION['login'] = true;
|
||||
|
||||
// Arahkan ke halaman game (sesuai gambar pertama Anda)
|
||||
header("Location: sudoku.php");
|
||||
exit();
|
||||
|
||||
} else {
|
||||
$err = "Username atau password salah.";
|
||||
}
|
||||
|
||||
} catch (PDOException $e) {
|
||||
$err = "Terjadi kesalahan sistem database.";
|
||||
}
|
||||
}
|
||||
}
|
||||
?>
|
||||
@ -42,17 +55,22 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
<html lang="id">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<title>Login</title>
|
||||
<style>
|
||||
/* Style disamakan persis dengan register.php Anda */
|
||||
body { font-family: Arial; background:#eef2f7; display:flex; height:100vh; justify-content:center; align-items:center; margin:0; }
|
||||
.card { width:350px; background:white; padding:20px; border-radius:10px; box-shadow:0 6px 20px rgba(0,0,0,0.1); }
|
||||
.input { width:100%; padding:10px; margin:8px 0; border:1px solid #ccc; border-radius:8px; }
|
||||
.btn { width:100%; padding:12px; background:#1e90ff; color:white; border:none; border-radius:8px; cursor:pointer; }
|
||||
.err { color:#d00000; margin-bottom:10px; text-align:center; }
|
||||
.input { width:100%; padding:10px; margin:8px 0; border:1px solid #ccc; border-radius:8px; box-sizing: border-box; }
|
||||
.btn { width:100%; padding:12px; background:#007bff; color:white; border:none; border-radius:8px; cursor:pointer; }
|
||||
.btn:hover { background:#0056b3; }
|
||||
.err { color:#d00000; margin-bottom:10px; text-align:center; background: #ffe6e6; padding: 5px; border-radius: 5px;}
|
||||
.link { text-align:center; margin-top:10px; }
|
||||
a { text-decoration: none; color: #007bff; }
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div class="card">
|
||||
<h2>Login</h2>
|
||||
|
||||
@ -60,15 +78,16 @@ body { font-family: Arial; background:#eef2f7; display:flex; height:100vh; justi
|
||||
<div class="err"><?= htmlspecialchars($err) ?></div>
|
||||
<?php endif; ?>
|
||||
|
||||
<form method="post">
|
||||
<input class="input" type="text" name="username" placeholder="Username">
|
||||
<input class="input" type="password" name="password" placeholder="Password">
|
||||
<button class="btn" type="submit">Masuk</button>
|
||||
<form method="POST" action="login.php">
|
||||
<input class="input" type="text" name="username" placeholder="Masukkan Username" value="<?= htmlspecialchars($username_input) ?>" required>
|
||||
<input class="input" type="password" name="password" placeholder="Masukkan Password" required>
|
||||
<button class="btn" type="submit" name="login">Masuk</button>
|
||||
</form>
|
||||
|
||||
<div class="link">
|
||||
Belum punya akun? <a href="register.php">Daftar</a>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
</body>
|
||||
</html>
|
||||
48
register.php
48
register.php
@ -2,41 +2,25 @@
|
||||
ini_set('display_errors', 1);
|
||||
error_reporting(E_ALL);
|
||||
|
||||
include 'db.php'; // Pastikan $conn ada di sini
|
||||
|
||||
session_start();
|
||||
|
||||
$dbFile = __DIR__ . '/users.sqlite';
|
||||
|
||||
try {
|
||||
$pdo = new PDO('sqlite:' . $dbFile);
|
||||
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||
|
||||
// create table if not exists
|
||||
$pdo->exec("
|
||||
CREATE TABLE IF NOT EXISTS users (
|
||||
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
||||
username TEXT UNIQUE NOT NULL,
|
||||
password TEXT NOT NULL,
|
||||
created_at DATETIME DEFAULT CURRENT_TIMESTAMP
|
||||
)
|
||||
");
|
||||
|
||||
} catch (Exception $e) {
|
||||
die("DB Error: " . $e->getMessage());
|
||||
}
|
||||
|
||||
$err = "";
|
||||
$ok = "";
|
||||
$err = ''; // Variabel untuk pesan error
|
||||
$ok = ''; // Variabel untuk pesan sukses
|
||||
|
||||
// Regex password: minimal 6, huruf + angka
|
||||
function password_valid($p) {
|
||||
return preg_match('/^(?=.*[A-Za-z])(?=.*\d).{6,}$/', $p);
|
||||
}
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
if (isset($_POST['register'])) {
|
||||
// 1. Ambil dan bersihkan input
|
||||
$user = trim($_POST['username'] ?? '');
|
||||
$pass = $_POST['password'] ?? '';
|
||||
$pass2 = $_POST['password_confirm'] ?? '';
|
||||
|
||||
// 2. Validasi Input
|
||||
if ($user === '' || $pass === '' || $pass2 === '') {
|
||||
$err = "Semua field harus diisi.";
|
||||
} elseif ($pass !== $pass2) {
|
||||
@ -45,15 +29,21 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
$err = "Password minimal 6 karakter, harus mengandung huruf & angka.";
|
||||
} else {
|
||||
try {
|
||||
// 3. Hash Password (Keamanan Kritis!)
|
||||
$hash = password_hash($pass, PASSWORD_DEFAULT);
|
||||
$stmt = $pdo->prepare("INSERT INTO users (username, password) VALUES (:u, :p)");
|
||||
$stmt->execute([':u' => $user, ':p' => $hash]);
|
||||
|
||||
// 4. Prepared Statement (Mencegah SQL Injection)
|
||||
$stmt = $conn->prepare("INSERT INTO users (username, password) VALUES (?, ?)");
|
||||
$stmt->execute([$user, $hash]); // Eksekusi query dengan data
|
||||
|
||||
$ok = "Registrasi berhasil, silakan login.";
|
||||
|
||||
} catch (PDOException $e) {
|
||||
// Tangani error jika username sudah ada (Unique Constraint)
|
||||
if ($e->getCode() == "23000") {
|
||||
$err = "Username sudah digunakan.";
|
||||
} else {
|
||||
$err = "Error: " . $e->getMessage();
|
||||
$err = "Error: Terjadi kesalahan saat registrasi database.";
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -78,14 +68,12 @@ body { font-family: Arial; background:#eef2f7; display:flex; height:100vh; justi
|
||||
<div class="card">
|
||||
<h2>Register</h2>
|
||||
|
||||
<?php if ($err): ?><div class="err"><?= htmlspecialchars($err) ?></div><?php endif; ?>
|
||||
<?php if ($ok): ?><div class="ok"><?= htmlspecialchars($ok) ?></div><?php endif; ?>
|
||||
|
||||
<form method="post">
|
||||
<form method="POST" action="register.php">
|
||||
<input class="input" type="text" name="username" placeholder="Masukkan Username">
|
||||
<input class="input" type="password" name="password" placeholder="Masukkan Password">
|
||||
<input class="input" type="password" name="password_confirm" placeholder="Konfirmasi Password">
|
||||
<button class="btn" type="submit">Daftar</button>
|
||||
<button class="btn" type="submit" name="register">Daftar</button>
|
||||
</form>
|
||||
|
||||
<div class="link">
|
||||
|
||||
BIN
users.sqlite
Normal file
BIN
users.sqlite
Normal file
Binary file not shown.
Loading…
x
Reference in New Issue
Block a user