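<?php
/**
 * Login handler for a POSTed form.
 *
 * Runs only when the `login` field is present. Looks the user up by username
 * with a prepared statement, recomputes the salted, iterated SHA-256 digest of
 * the submitted password and compares it with the stored value. On success the
 * username is stored in $_SESSION['user'] and the browser is redirected to
 * ../home; otherwise a failure message is printed.
 *
 * Expects a PDO handle in $db, which is created outside this listing.
 */
if (isset($_POST['login'])) {
    // NOTE(review): FILTER_SANITIZE_STRING is deprecated since PHP 8.1 and
    // rewrites the value (strips tags, encodes quotes). It is kept so lookups
    // still match usernames the way they were presumably stored. It is not
    // what protects the SQL: the query below is parameterized.
    $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);

    // The password is taken raw: sanitizing it would change the hashed bytes.
    $password = isset($_POST['password']) ? $_POST['password'] : '';

    // Reject missing fields, and a non-string password (e.g. `password[]=x`),
    // which would otherwise be hashed as the literal text "Array".
    if (empty($username) || !is_string($password) || empty($password)) {
        echo "filed tidak boleh kosong";
        exit();
    }

    $query = "SELECT * FROM users WHERE username=:username";
    $query_params = array(
        ":username" => $username
    );

    try {
        $stmt = $db->prepare($query);
        $stmt->execute($query_params);
    } catch (PDOException $error) {
        // Keep driver details (SQL text, schema names) in the server log;
        // the client only gets a generic message.
        error_log('login query failed: ' . $error->getMessage());
        die("terjadi kesalahan, silakan coba lagi");
    }

    $login_ok = false;
    $row = $stmt->fetch();

    // A matching user row exists: verify the password.
    // NOTE(review): when no row is found no hashing runs, so response time
    // differs between known and unknown usernames.
    if ($row) {
        // NOTE(review): custom salted, iterated SHA-256. password_hash() /
        // password_verify() is the maintained alternative, but switching
        // needs a migration of the stored hashes, so the scheme is unchanged.
        $check_password = hash('sha256', $password . $row['salt']);

        // Re-hash the digest together with the salt 65536 more times.
        for ($round = 0; $round < 65536; $round++) {
            $check_password = hash('sha256', $check_password . $row['salt']);
        }

        // Constant-time comparison, so the time taken does not depend on
        // how many leading characters of the digest match.
        if (hash_equals((string) $row['password'], $check_password)) {
            $login_ok = true;
        }
    }

    if ($login_ok) {
        // Drop the secret columns so they cannot end up in the session.
        unset($row['salt']);
        unset($row['password']);

        // Issue a fresh session id on login so an id fixed before
        // authentication is not carried over. The session is assumed to be
        // started outside this listing; skipped if it is not active.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        // Only the username is kept in the session.
        $_SESSION['user'] = $row['username'];
        print "<script>window.location.href = '../home';</script>";
        die("Redirecting...");
    } else {
        // Same message for unknown user and wrong password.
        echo "login gagal";
        exit();
    }
}
?>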