login

1. <?php
2.  
3. //login.php
4.  
5. /**
6. * Start the session.
7. */
8. session_start();
9.  
10. /**
11. * Include our MySQL connection.
12. */
13. require 'connect.php';
14.  
15.  
16. //If the POST var "login" exists (our submit button), then we can
17. //assume that the user has submitted the login form.
18. if(isset($_POST['submit'])){
19.  
20. //Retrieve the field values from our login form.
21. $username = !empty($_POST['username']) ? trim($_POST['username']) : null;
22. $passwordAttempt = !empty($_POST['password']) ? trim($_POST['password']) : null;
23.  
24. //Retrieve the user account information for the given username.
25. $sql = "SELECT username, password FROM l_pelanggan WHERE username = :username";
26. $stmt = $pdo->prepare($sql);
27. var_dump($stmt);
28. //Bind value.
29. $stmt->bindValue(':username', $username);
30.  
31. //Execute.
32. $stmt->execute();
33.  
34. //Fetch row.
35. $user = $stmt->fetch(PDO::FETCH_ASSOC);
36.  
37. //If $row is FALSE.
38. if($user === false){
39. //Could not find a user with that username!
40. //PS: You might want to handle this error in a more user-friendly manner!
41. echo "<script>window.alert('ID atau Password Salah')</script>";
42.  
43. } else{
44. //User account found. Check to see if the given password matches the
45. //password hash that we stored in our users table.
46.  
47. //Compare the passwords.
48. $validPassword = password_verify($passwordAttempt, $user['password']);
49.  
50. //If $validPassword is TRUE, the login has been successful.
51. if($validPassword){
52.  
53. //Provide the user with a login session.
54. $_SESSION['username'] = $username;
55.  
56.  
57. //Redirect to our protected page, which we called home.php
58. header('Location: index_list.php?id='.$user['id_pelanggan'].'');
59. exit;
60.  
61. } else{
62. //$validPassword was FALSE. Passwords do not match.
63. echo "<script>window.alert('ID atau Password Salah')</script>";
64.  
65. }
66. }
67.  
68. }
69.  
70. ?>