login.php

1. <?php
2. require ( __DIR__ . '/init.php');
3. doUserAuthRedirect();
4.  
5. // TEMPLATE CONTROL
6. $ui_register_page = 'login';
7.  
8. // LOAD HEADER
9. loadAssetsHead('Login');
10.  
11. // FORM PROCESSING
12. if( isset($_POST['login']) ){
13. include('config.php');
14.  
15. session_start();
16.  
17. //tangkap data dari form login
18. $username = $_POST['username'];
19. $password = $_POST['password'];
20.  
21.  
22. //untuk mencegah sql injection
23. //kita gunakan mysql_real_escape_string
24. $username = mysql_real_escape_string($username);
25. $password = mysql_real_escape_string($password);
26.  
27.  
28. //cek data yang dikirim, apakah kosong atau tidak
29. if (empty($username) && empty($password)) {
30. //kalau username dan password kosong
31. header('location:login?error=1');
32. break;
33. }
34.  
35. else if (empty($username)) {
36. //kalau username saja yang kosong
37. header('location:login?error=2');
38. break;
39. }
40.  
41. else if (empty($password)) {
42. //kalau password saja yang kosong
43. header('location:login?error=3');
44. break;
45. }
46.  
47.  
48. $op = $_GET['op'];
49.  
50. //>>>>>>>>>>>>>>>SISWA<<<<<<<<<<<<<<<<<
51. if($op=="in") {
52. if(strlen($username)==8){
53. $cek = mysql_query("SELECT * FROM user, siswa WHERE user.id_user=siswa.id_user AND nis='$username' AND password='$password'");
54. if(mysql_num_rows($cek)==1){//jika berhasil akan bernilai 1
55. $c = mysql_fetch_array($cek);
56. $_SESSION['id_user'] = $c['id_user'];
57. $_SESSION['usernamesiswa'] = $c['nis'];
58. $_SESSION['tingkat_user'] = $c['tingkat_user'];
59. header("location:dashboard");
60. }
61. }
62. //>>>>>>>>>>>>>>ADMIN<<<<<<<<<<<<<<<<
63. elseif(strlen($username)==5){
64. $pengguna="pengguna";
65. $cek = mysql_query("SELECT * FROM user, admin WHERE user.id_user=admin.id_user AND username='$username' AND password='$password' AND pengguna=$pengguna");
66. if(mysql_num_rows($cek)==1){//jika berhasil akan bernilai 1
67. $c = mysql_fetch_array($cek);
68. $_SESSION['id_user'] = $c['id_user'];
69. $_SESSION['usernameadmin'] = $c['username'];
70. $_SESSION['tingkat_user'] = $c['tingkat_user'];
71. $_SESSION['pengguna'] = $c['pengguna'];
72. header("location:dashboard");
73. }
74. }
75. //>>>>>>>>>>>>>>>PEGAWAI<<<<<<<<<<<<<<<
76. elseif(strlen($username)==10){
77. $cek = mysql_query("SELECT * FROM user, pegawai WHERE pegawai.id_user=user.id_user AND id_pegawai='$username' AND password='$password'");
78. if(mysql_num_rows($cek)==1){//jika berhasil akan bernilai 1
79. $c = mysql_fetch_array($cek);
80. $_SESSION['id_user'] = $c['id_user'];
81. $_SESSION['usernametu'] = $c['id_pegawai'];
82. $_SESSION['tingkat_user'] = $c['tingkat_user'];
83. header("location:dashboard");
84. }
85. }
86. //>>>>>>>>>>>>>>>>>GURU PIKET<<<<<<<<<<<<<<<<<
87. elseif(strlen($username)==12){
88. date_default_timezone_set("asia/jakarta");
89. $a_hari = array(1=>"Senin","Selasa","Rabu","Kamis","Jumat", "Sabtu");
90. $hari = $a_hari[date("N")];
91. $cek = mysql_query("SELECT * FROM user, guru WHERE user.id_user=guru.id_user AND nip='$username' AND password='$password' AND hari = '$hari'");
92. if(mysql_num_rows($cek)==1){//jika berhasil akan bernilai 1
93. $c = mysql_fetch_array($cek);
94. $_SESSION['id_user'] = $c['id_user'];
95. $_SESSION['usernameguru'] = $c['nip'];
96. $_SESSION['tingkat_user'] = $c['tingkat_user'];
97. $_SESSION['hari'] = $c['hari'];
98. header("location:dashboard");
99. }
100. else{
101. //>>>>>>>>>>>>>>>>> GURU BK <<<<<<<<<<<<<<<
102. $jabatan="Guru BK";
103. $cek = mysql_query("SELECT * FROM user, guru WHERE guru.id_user=user.id_user AND nip='$username' AND password='$password' AND jabatan = '$jabatan'");
104. if(mysql_num_rows($cek)==1){//jika berhasil akan bernilai 1
105. $c = mysql_fetch_array($cek);
106. $_SESSION['id_user'] = $c['id_user'];
107. $_SESSION['usernameguru'] = $c['nip'];
108. $_SESSION['tingkat_user'] = $c['tingkat_user'];
109. $_SESSION['jabatan'] = $c['jabatan'];
110. header("location:dashboard");
111. }
112. else{
113. //>>>>>>>>>>>>>>>> GURU <<<<<<<<<<<<<<<<<<
114. $cek = mysql_query("SELECT * FROM user, guru WHERE guru.id_user=user.id_user AND nip='$username' AND password='$password'");
115. if(mysql_num_rows($cek)==1){//jika berhasil akan bernilai 1
116. $c = mysql_fetch_array($cek);
117. $_SESSION['id_user'] = $c['id_user'];
118. $_SESSION['usernameguru'] = $c['nip'];
119. $_SESSION['tingkat_user'] = $c['tingkat_user'];
120.  
121. header("location:dashboard");
122. }
123. else {
124. //kalau username ataupun password tidak terdaftar di database
125. header('location:login?error=4');
126. }
127. }
128. }
129. }
130. }
131. }
132. elseif($op=="out"){
133. unset($_SESSION['id_user']);
134. unset($_SESSION['username']);
135. unset($_SESSION['usernamesiswa']);
136. unset($_SESSION['usernametu']);
137. unset($_SESSION['usernameadmin']);
138. unset($_SESSION['usernameguru']);
139. unset($_SESSION['tingkat_user']);
140. unset($_SESSION['hari']);
141. unset($_SESSION['jabatan']);
142. header("location:login");
143. }
144.  
145.  
146. ?>
147.  
148. <body>
149.  
150.  
151. <div class="uk-container uk-container-center uk-margin-top uk-margin-bottom uk-margin-top">
152.  
153. <div class="uk-vertical-align uk-text-right uk-height-1-1">
154. <img class="uk-margin-bottom" width="500px" height="70px" src="assets/images/banner.png" alt="SI Inventaris" title="SI Inventaris">
155. </div>
156.  
157. <hr class="uk-article-divider">
158. <article class="uk-article">
159.  
160.  
161.  
162.  
163. <h1 class="uk-article-title uk-text-center">Login</h1>
164. <br>
165.  
166. <div class="uk-panel uk-width-1-2 uk-container-center uk-text-center">
167.  
168.  
169. <?php
170. //kode php ini kita gunakan untuk menampilkan pesan eror
171. if (!empty($_GET['error'])) {
172. if ($_GET['error'] == 1) {
173. echo '<h3><center><font color="red">Username dan Password kosong!</font></center></h3>';
174. }
175. else if ($_GET['error'] == 2) {
176. echo '<h3><center><font color="red">Username belum diisi!</font></center></h3>';
177. }
178. else if ($_GET['error'] == 3) {
179. echo '<h3><center><font color="red">Password belum diisi!</font></center></h3>';
180. }
181. else if ($_GET['error'] == 4) {
182. echo '<h3><center><font color="red">Username atau Password salah!</font></center></h3>';
183. }
184. }
185. ?>
186.  
187. <form class="uk-form uk-form-stacked" name="login" method="post" action="login.php?op=in">
188.  
189. <div class="uk-form-row">
190. <div class="uk-form-controls"><input type="text" name="username" placeholder="Username" class="uk-form-large" required></div>
191. </div >
192.  
193. <div class="uk-form-row">
194. <div class="uk-form-controls"><input type="password" name="password" placeholder="Password" class="uk-form-large" required>
195. </div>
196. </div>
197.  
198. <div class="uk-form-row">
199. <button type="submit" value="login" name="login" class="uk-button uk-button-large uk-button-success" title="Login"><i class="uk-icon-unlock-alt"></i> Login</button>
200. </div>
201.  
202. </form>
203.  
204. </div>
205.  
206. </article>
207. </div>
208. </body>
209.  
210. <?php
211. // LOAD FOOTER
212. loadAssetsFoot();
213. ob_end_flush();
214. ?>