fix: index.php and user.sql

src/index.php

@@ -1,45 +1,44 @@
 <?php 
 session_start();
 include "config/db.php";
-include "notif.php";
 
-if(isset($_POST['login'])){
-    $username = $_POST['username'];
-    $password = $_POST['password'];
+if (isset($_POST['login'])) {
+    $username = trim($_POST['username']);
+    $password = trim($_POST['password']);
 
-    if(empty($username)||empty($password)){
-        $msg = "Data Harus Lengkap !";
-        echo "<script>showNotif(" . json_encode($msg) . ");</script>";
-    }else{
-        $sql = "SELECT * FROM users WHERE username =?";
-        $stmt = $db -> prepare($sql);
-        $stmt->bind_param('s',$username);
+    if ($username === "" || $password === "") {
+        $_SESSION['flash'] = "Data harus lengkap!";
+    } 
+        $sql = "SELECT * FROM users WHERE username = ?";
+        $stmt = $db->prepare($sql); // agar aman dari sql injection
+        $stmt->bind_param("s", $username); // agar rapi tidak muncul di bagian atas query
         $stmt->execute();
-        $result = $stmt ->get_result();
+        $result = $stmt->get_result();
 
-        if($result->num_rows ===1){
-            $user = $result ->fetch_assoc();
-            if(password_verify($password,$user['password'])){
-                $_SESSION['loggedin']='true';   
-                $_SESSION['username']=$user['username'];  
-                $_SESSION['id']=$user['id']; 
-                header("location:onboard.php");
+        if ($result->num_rows === 1) {
+
+            $user = $result->fetch_assoc();
+
+            if (password_verify($password, $user['password'])) {
+                $_SESSION['loggedin'] = true;
+                $_SESSION['username'] = $user['username'];
+                $_SESSION['id'] = $user['id'];
+                $_SESSION['flash'] = "Wellcome to Dungeon, player $username";
+                header("Location: onboard.php");
                 exit();
-            }else{
-                $msg = "Password Salah !";
-                echo "<script>showNotif(" . json_encode($msg) . ");</script>";
-            }
-        }else{
-            $msg = "Username tidak ditemukan !";
-                echo "<script>showNotif(" . json_encode($msg) . ");</script>";
-        }
-        $stmt->close();
-    }
-}
-$db->close();
 
+            } else {
+                $_SESSION['flash'] = "Password salah!";
+            }
+
+        } else {
+            $_SESSION['flash'] = "Username tidak ditemukan!";
+        }
+    
+}
 ?>
 
+
 <!DOCTYPE html>
 <html lang="en">
 <head>
@@ -52,13 +51,22 @@ $db->close();
 </head>
 <body>
     <div class="container-login">
+        <?php
+    include "notif.php";
+
+    if (isset($_SESSION['flash'])) {
+        echo "<script>showNotif(" . json_encode($_SESSION['flash']) . ");</script>";
+        unset($_SESSION['flash']);
+    }
+    ?>
+
         <h1 data-aos="zoom-out" data-aos-duration="1000">codebeater</h1>
         <form class="login-form" action ="index.php" method="POST">
             <h2 data-aos="fade-up" data-aos-duration="1000">Login to your account</h2>
             <input type="text" name="username" id="username" placeholder="input your username"  data-aos="fade-up" data-aos-duration="2000"><br>
             <input type="password" name="password" id="password" placeholder="input your password" data-aos="fade-up" data-aos-duration="2000"><br>
-            <button type="submit" name="login" placeholder="input your password" data-aos="fade-up" data-aos-duration="3000">LOGIN</button>
-            <p placeholder="input your password" data-aos="fade-up" data-aos-duration="3000"><a href="register.php">don't have account yet?<span> register now!</span></a></p>
+            <button type="submit" name="login"  data-aos="fade-up" data-aos-duration="3000">LOGIN</button>
+            <p data-aos="fade-up" data-aos-duration="3000"><a href="register.php">don't have account yet?<span> register now!</span></a></p>
         </form>
         <div id="notif" class="notif"></div>
     </div>