login.php
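<?php
/**
 * Login endpoint.
 *
 * GET  : stores a fresh single-use form token in $_SESSION['login'] and renders
 *        ../login_view.php.
 * POST : checks the form token, looks the user up by username with a prepared
 *        statement, verifies the password hash, then either signs the user in
 *        (session keys 'userid' and 'role') and redirects, or re-renders the form
 *        with an error message placed in $_GET['error'].
 */
session_start();

// An already-authenticated session has nothing to do here.
if (isset($_SESSION['userid']) && $_SESSION['userid']) {
    header('Location: ../index.php?message=' . rawurlencode('You already login'));
    exit();
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // SCRIPT_NAME rather than PHP_SELF: PHP_SELF also carries the request's
    // PATH_INFO, which is client-controlled and should not be echoed into a
    // Location header.
    $self = $_SERVER['SCRIPT_NAME'];

    try {
        // The token is single-use: read it once and drop it on every code path.
        $expectedToken = $_SESSION['login'] ?? null;
        $providedToken = $_POST['token'] ?? null;
        unset($_SESSION['login']);

        // A loose `!=` treats "no token in the session" and "no token in the
        // request" as equal, which lets a request through without any token.
        // Require two non-empty strings and compare them in constant time.
        // A session still holding a token in another format is rejected once
        // and gets a fresh form.
        if (
            !is_string($expectedToken)
            || $expectedToken === ''
            || !is_string($providedToken)
            || !hash_equals($expectedToken, $providedToken)
        ) {
            header('Location: ' . $self . '?error=' . rawurlencode('Invalid Token'));
            exit();
        }

        require_once('../helpers/config.php');
        require_once('../helpers/connection.php');

        // Array-valued or missing fields (e.g. `password[]=x`) would make
        // password_verify() raise a TypeError; treat them as a failed login.
        $username = $_POST['username'] ?? null;
        $password = $_POST['password'] ?? null;

        $data = null;
        if (is_string($username) && is_string($password)) {
            $stmt = $db->prepare('SELECT * FROM users WHERE username = ?');
            if ($stmt === false) {
                throw new RuntimeException('Failed to prepare the login query');
            }
            $stmt->bind_param('s', $username);
            $stmt->execute();
            $result = $stmt->get_result();
            $stmt->close();
            if ($result === false) {
                throw new RuntimeException('Failed to read the login query result');
            }
            $data = $result->fetch_assoc();
            $result->free_result();
        }

        // NOTE(review): an unknown username skips password_verify(), so its
        // response time differs from a wrong password; verifying against a fixed
        // dummy hash would even that out. No attempt throttling is visible in
        // this file either - confirm it is enforced elsewhere.
        if (
            !$data
            || !is_string($data['password'] ?? null)
            || !password_verify($password, $data['password'])
        ) {
            $_GET['error'] = 'Invalid username or password';
        } elseif (!$data['is_verified_email']) {
            $_GET['error'] = 'Please verify your email';
        } elseif (!$data['is_actived']) {
            $_GET['error'] = 'Your account inactive';
        } else {
            $db->close();

            // Issue a new session id at the privilege change so an id that was
            // known before authentication is not carried into the signed-in session.
            session_regenerate_id(true);
            $_SESSION['userid'] = $data['id'];
            $_SESSION['role'] = $data['role'];

            header($data['role'] === 'A' ? 'Location: ../adm/index.php' : 'Location: ../index.php');
            exit();
        }
    } catch (Exception $e) {
        // Keep the detail in the server log; the client only sees a generic message.
        error_log('login.php: ' . $e->getMessage());
        header('Location: ' . $self . '?error=' . rawurlencode('Gagal login'));
        exit();
    }
}

// Fresh token for the form about to be rendered. A timestamp is guessable, so
// the value comes from the CSPRNG instead.
// NOTE(review): login_view.php is presumably what emits $_SESSION['login'] as the
// hidden `token` field - confirm it does not expect a numeric value.
$_SESSION['login'] = bin2hex(random_bytes(32));
require_once('../login_view.php');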