if (isset($_POST['login'])) { $post_username = mysqli_real_escape_string($db,

1. if (isset($_POST['login'])) {
2. $post_username = mysqli_real_escape_string($db,stripslashes(strip_tags(htmlspecialchars($_POST['user'],ENT_QUOTES))));
3. $post_password = mysqli_real_escape_string($db,stripslashes(strip_tags(htmlspecialchars($_POST['pswd'],ENT_QUOTES))));
4. $code = addslashes( $_POST['code'] );
5. if (empty($post_username) || empty($post_password) || empty($code)) {
6. $msg_type = "error";
7. $msg_content = "<b>Gagal:</b> Mohon mengisi semua input.";
8. } else if ($code != $_SESSION["security_code"] ) {
9. $msg_type = "error";
10. $msg_content = "<b>Gagal:</b> Kode tidak cocok.";
11.  
12. } else {
13. $check_user = mysqli_query($db, "SELECT * FROM users WHERE username = '$post_username'");
14. if (mysqli_num_rows($check_user) == 0) {
15. $msg_type = "error";
16. $msg_content = "<b>Gagal:</b> Username/Password salah";
17. } else {
18. $data_user = mysqli_fetch_assoc($check_user);
19. if (password_verify($post_password, $data_user['password']) == false) {
20. $msg_type = "error";
21. $msg_content = "<b>Gagal:</b> Username/Password salah";
22. } else if ($data_user['status'] == "Suspended") {
23. $msg_type = "error";
24. $msg_content = "<b>Gagal:</b> Akun nonaktif.";
25. } else {
26. $_SESSION['user'] = $data_user;
27. header("Location: ".$cfg_baseurl);
28. }
29. }
30. }
31. }