login error

1. <?php
2. session_start();
3. require("../mainconfig.php");
4. $page_type = "user_login";
5. $msg_type = "nothing";
6.  
7. if (isset($_SESSION['user'])) {
8. $sess_username = $_SESSION['user']['username'];
9. $check_user = mysqli_query($db, "SELECT * FROM users WHERE username = '$sess_username'");
10. $data_user = mysqli_fetch_assoc($check_user);
11. if (mysqli_num_rows($check_user) == 0) {
12. header("Location: ".$cfg_baseurl."logout.php");
13. } else if ($data_user['status'] == "Suspended") {
14. header("Location: ".$cfg_baseurl."logout.php");
15. }
16. }
17.  
18. if (isset($_POST['login'])) {
19. $post_username = mysqli_real_escape_string($db, trim($_POST['username']));
20. $post_password = mysqli_real_escape_string($db, trim($_POST['password']));
21. $pengacak="DIE64SD854F978F15DSF54FDF561SF65416541WFSWFC634165SWCFFCS";
22. $cek_password=md5($pengacak).md5($post_password);
23. $cek_password1=base64_encode($cek_password);
24. $cek_password2=sha1($cek_password1);
25. $cek_password3="S4SMED14$cek_password2";
26.  
27. if (empty($post_username) || empty($post_password)) {
28. $msg_type = "error";
29. $msg_content = '<b>Gagal:</b> Mohon mengisi semua input.<script>swal("Ups!", "Mohon mengisi semua input.", "error");</script>';
30. } else {
31. $check_user = mysqli_query($db, "SELECT * FROM users WHERE username = '$post_username'");
32. if (mysqli_num_rows($check_user) == 0) {
33. $msg_type = "error";
34. $msg_content = '<b>Gagal:</b> Username atau password salah.<script>swal("Ups!", "Username atau password salah.", "error");</script>';
35. } else {
36. $data_user = mysqli_fetch_assoc($check_user);
37. if ($post_password <> $data_user['password']) {
38. $msg_type = "error";
39. $msg_content = '<b>Gagal:</b> Username atau password salah.<script>swal("Error!", "Username atau password salah.", "error");</script>';
40. } else if ($data_user['status'] == "Suspended") {
41. $msg_type = "error";
42. $msg_content = '<b>Gagal:</b> Akun Suspended .<script>swal("Error!", "Akun Suspended.", "error");</script>';
43.  
44. } else {
45. $_SESSION['user'] = $data_user;
46. $_SESSION['welcome'] = TRUE;
47. header("Location: ".$cfg_baseurl);
48. }
49. }
50. }
51. }
52.  
53.  
54. include("../lib/header.php");
55. ?>
56. <div class="row">
57. <div class="col-lg-offset-2 col-lg-8">
58. <div class="box box-success">
59. <div class="box-header with-border">
60. <h3 class="box-title"><i class="fa fa-sign-in"></i> Masuk</h3>
61. <div class="box-tools pull-right">
62. <button type="button" class="btn btn-box-tool" data-widget="collapse"><i class="fa fa-minus"></i>
63. </button>
64. </div>
65. </div>
66. <div class="box-body">
67. <?php
68. if ($msg_type == "error") {
69. ?>
70. <div class="alert alert-danger">
71. <a href="#" class="close" data-dismiss="alert" aria-label="close">×</a>
72. <i class="fa fa-times-circle"></i>
73. <?php echo $msg_content; ?>
74. </div>
75. <?php
76. }
77. ?>
78. <form class="form-horizontal" role="form" method="POST">
79. <div class="form-group">
80. <label class="col-md-3 control-label">Username</label>
81. <div class="col-md-9">
82. <input type="text" name="username" class="form-control" placeholder="Username">
83. </div>
84. </div>
85. <div class="form-group">
86. <label class="col-md-3 control-label">Password</label>
87. <div class="col-md-9">
88. <input type="password" name="password" class="form-control" placeholder="Password">
89. </div>
90. </div>
91. <div class="pull-right">
92. <button type="reset" class="btn btn-danger"><i class="fa fa-refresh"></i> Ulangi </button>
93. <button type="submit" name="login" class="btn btn-success"><i class="fa fa-send"></i> Kirim </button>
94. </div>
95. <br />
96. <br />
97. </form>
98. </div>
99. </div>
100. </div>
101. </div>
102.  
103.  
104. <?php
105. include("../lib/footer.php");
106. ?>