contoh

1. <?php
2. include "inc/inc.koneksi.php";
3. include "inc/fungsi_hdt.php";
4.  
5. function anti_injection($data){
6. $filter = mysql_real_escape_string(stripslashes(strip_tags(htmlspecialchars($data,ENT_QUOTES))));
7. return $filter;
8. }
9. $username= anti_injection($_POST['username']);
10. $pass = anti_injection($_POST['password']);
11. #$pass = anti_injection($_POST['password']);
12. // pastikan username dan password adalah berupa huruf atau angka.
13. if (!ctype_alnum($username) OR !ctype_alnum($pass)){
14. // echo "Sekarang loginnya tidak bisa di injeksi lho.";
15. ?>
16. <script>
17. alert('Sekarang loginnya tidak bisa di injeksi lho.');
18. window.location.href='index.php';
19. </script>
20. <?php
21. }else{
22. $login =mysql_query("SELECT * FROM user WHERE user='$username'");
23. $ketemu =mysql_num_rows($login);
24. if ($ketemu>0){
25. $r =mysql_fetch_array($login);
26. $pwd =$r['pass'];
27. if ($r['blokir'] == 'Y'){
28. salah_blokir($username);
29. return false;
30. }
31. if ($pwd==$pass){
32. sukses_masuk($username,$pass);
33. }else{
34. session_start();
35. $salah =1;
36. $_SESSION['salah']=$_SESSION['salah']+$salah;
37. if ($_SESSION['salah']>=3){
38. blokir($username);
39. }
40. salah_password();
41. }
42. }else{
43. salah_username($username);
44. }
45. }
46. ?>