Untitled

a guest
Mar 4th, 2017
  1. <?php
  2. error_reporting(0);
  3. include "config/class_database.php";
  4. include "config/serverconfig.php";
  5. include "config/debug.php";
  6. function anti_injection($data){
  7.     $filter = stripslashes(strip_tags(htmlspecialchars($data,ENT_QUOTES)));
  8.     return $filter;
  9. }
  10.  
  11. $username = anti_injection(mysql_real_escape_string(strip_tags($_POST['username'])));
  12. $password = anti_injection(mysql_real_escape_string(strip_tags(md5($_POST['password']))));
  13. $level = $_POST['level'];
  14. session_start();
  15.  
  16. $sql_tglaktif = $db->database_prepare("SELECT * From thnakademik where status = 1")->execute();
  17. $data_tglaktif = $db->database_fetch_array($sql_tglaktif);
  18.  
  19. $tglaktif=date('Y-m-d');
  20.             if ($tglaktif>=$data_tglaktif['awalsmst'] && $tglaktif<=$data_tglaktif['tglyudisium']){
  21.                 $_SESSION['tgll']='Y';//date('Y-m-d');;
  22.             }else{
  23.                 $_SESSION['tgll'] = 'T';
  24.             }
  25. if ($_POST["level"] == 1){
  26.     $sql = $db->database_prepare("SELECT * FROM admin WHERE username = ? AND password = ?")->execute($username,$password);
  27. }
  28. else{
  29.     if ($_POST["level"] == 2){
  30.         $sql = $db->database_prepare("SELECT * FROM dosen WHERE username = ? AND password = ? AND aktif = 'Y'")->execute($username,$password);
  31.     }
  32.     else{
  33.         if ($_POST["level"] == 3){
  34.             $sql = $db->database_prepare("SELECT * FROM karyawan WHERE username = ? AND password = ? AND aktif = 'Y'")->execute($username,$password);
  35.         }else{
  36.         if ($_POST["level"] == 4){
  37.             $sql = $db->database_prepare("SELECT * FROM mahasiswa WHERE username = ? AND password = ? AND aktif = 'Y'")->execute($username,$password);
  38.         }else{
  39.             $sql = $db->database_prepare("SELECT * FROM as_users WHERE email = ? AND password = ? AND aktif = 'Y' AND blokir = 'N'")->execute($username,$password);
  40.         }
  41.     }
  42.  
  43. }
  44. }
  45.  
  46. $nums = $db->database_num_rows($sql);
  47.  
  48. $data = $db->database_fetch_array($sql);
  49.  
  50. if ($nums > 0){
  51.     $last_login = date('Y-m-d H:i:s');
  52.     if ($level == '1'){
  53.         $_SESSION['nama_lengkap'] = $data['nama'];
  54.         $_SESSION['username'] = $data['username'];
  55.         $_SESSION['password'] = $data['password'];
  56.         $_SESSION['userid'] = $data['--'];
  57.         $_SESSION['useri'] = $data['id'];
  58.         $_SESSION['foto'] = $data['foto'];
  59.         $_SESSION['level'] = $data['id_level'];
  60.         $_SESSION['level_admin'] = $data['level_admin'];
  61.         $_SESSION['4dm1np0lsr1'] = 'nimda';
  62.         $_SESSION['last_login'] = date('Y-m-d H:i:s');
  63.         $_SESSION['ip'] = $_SERVER["REMOTE_ADDR"];
  64.         $_SESSION['aktif'] = $data['aktif'];
  65.         $db->database_prepare("UPDATE admin SET last_login = ?, ip = ? WHERE id = ?")->execute($last_login,$_SERVER["REMOTE_ADDR"],$data["id"]);
  66.         if ($_SESSION['level_admin']==1){
  67.         header("Location: admin/utamakar.php?code=1");
  68.         }else{
  69.         if ($_SESSION['level_admin']==2 OR $_SESSION['level_admin']==3){
  70.         header("Location: subadmin/utamakar.php?code=1");
  71.         }else{
  72.         header("Location: index.php?code=1");
  73.         }
  74.         }
  75.     }
  76.     if ($level == '2'){
  77.  
  78.             $_SESSION['id_dosen'] = $data['dosen_ID'];
  79.             $_SESSION['foto'] = $data['foto'];
  80.             $_SESSION['username'] = $data['username'];
  81.             $_SESSION['password'] = $data['password'];
  82.             $_SESSION['identitas'] = $data['Identitas_ID'];
  83.             $_SESSION['kode_jurusan'] = $data['Homebase'];
  84.             $_SESSION['level'] = $data['id_level'];
  85.             $_SESSION['nama_lengkap'] = $data['nama'];
  86.             $_SESSION['jabatan_id'] = $data['Jabatan_ID'];
  87.             $_SESSION['aktif'] = $data['aktif'];
  88.             $_SESSION['4dm1nd0s3n'] = 'nimda';
  89.             //$_SESSION['blokir'] = $data['blokir'];
  90.             $_SESSION['last_login'] = date('Y-m-d H:i:s');
  91.             $_SESSION['ip'] = $_SERVER["REMOTE_ADDR"];
  92.             $db->database_prepare("UPDATE dosen SET last_login = ?, ip = ? WHERE dosen_ID = ?")->execute($last_login,$_SERVER["REMOTE_ADDR"],$data["dosen_ID"]);
  93.  
  94.             header("Location: dosen/utamakar.php?code=1");
  95.         }
  96.     if($level == '3'){
  97.             $_SESSION['id'] = $data['id'];
  98.             $_SESSION['username'] = $data['username'];
  99.             $_SESSION['password'] = $data['password'];
  100.             $_SESSION['identitas'] = $data['Identitas_ID'];
  101.             $_SESSION['kode_jurusan'] = $data['kode_jurusan'];
  102.             $_SESSION['level'] = $data['id_level'];
  103.             $_SESSION['nama_lengkap'] = $data['nama'];
  104.             //$_SESSION['nama_panggil'] = $data['nama_panggil'];
  105.             $_SESSION['aktif'] = $data['aktif'];
  106.             $_SESSION['foto'] = $data['foto'];
  107.             $_SESSION['4dm1njurusan'] = 'nimda';
  108.             $_SESSION['last_login'] = date('Y-m-d H:i:s');
  109.             $_SESSION['ip'] = $_SERVER["REMOTE_ADDR"];
  110.             $db->database_prepare("UPDATE karyawan SET last_login = ?, ip = ? WHERE id = ?")->execute($last_login,$_SERVER["REMOTE_ADDR"],$data["id"]);
  111. //          echo $_SERVER["REMOTE_ADDR"];
  112.             header("Location: karyawan/utamakar.php?code=1");
  113.             //echo $_SESSION['nama_lengkap'];
  114.             //echo $level;
  115.         }
  116.        //echo $nums;
  117.         if($level == '4'){
  118.             $_SESSION['mhs_ID'] = $data['mhs_ID'];
  119.             $_SESSION['username'] = $data['username'];
  120.             $_SESSION['password'] = $data['password'];
  121.             $_SESSION['identitas'] = $data['Identitas_ID'];
  122.             $_SESSION['kode_jurusan'] = $data['kode_jurusan'];
  123.             $_SESSION['level'] = $data['id_level'];
  124.             $_SESSION['nama_lengkap'] = $data['nama'];
  125.             //$_SESSION['nama_panggil'] = $data['nama_panggil'];
  126.             $_SESSION['aktif'] = $data['aktif'];
  127.             $_SESSION['Foto'] = $data['Foto'];
  128.             //$_SESSION['blokir'] = $data['blokir'];
  129.             $_SESSION['last_login'] = date('Y-m-d H:i:s');
  130.             $_SESSION['ip'] = $_SERVER["REMOTE_ADDR"];
  131.             //$db->database_prepare("UPDATE karyawan SET last_login = ?, ip = ? WHERE id = ?")->execute($last_login,$_SERVER["REMOTE_ADDR"],$data["id"]);
  132. //          echo $_SERVER["REMOTE_ADDR"];
  133.             header("Location: mahasiswa/utamakar.php?code=1");
  134.             //echo $_SESSION['nama_lengkap'];
  135.             //echo $level;
  136.         }
  137.        //echo $nums;
  138. }
  139. else{  
  140.  
  141.     header("Location: index.php?code=1");
  142. }
  143. ?>