
Mawan A. Nugroho http://mawan.or.id


Below is the simplest possible example of a PHP script (program) for login
and logout that uses a database and sessions. It is kept as simple as
possible so that it is easy to study. No checking of user input has been
added yet, so it is still vulnerable to SQL injection attacks.
You may use this script as teaching material at your school or campus,
provided my name remains credited. Thank you.

Copyright by Mawan A. Nugroho, 2011. All rights reserved.

File name: setup.php

<html>
<head>
<title>Setup Database</title>
</head>

<body>
<?php
// Uses the legacy mysql_* extension of the 2011 original (removed in PHP 7.0).
$cn = @mysql_connect("localhost", "root", "") or die("Gagal konek ke MySQL.");
mysql_query("drop database if exists db_user", $cn) or die("Gagal menghapus database.");
mysql_query("create database db_user", $cn) or die("Gagal membuat database.");
mysql_select_db("db_user", $cn) or die("Gagal membuka database.");
mysql_query("create table tb_user (
    login_username varchar(32) not null,
    login_password char(32),
    login_rights varchar(32),
    primary key(login_username)
)", $cn) or die("Gagal membuat tabel.");
mysql_query("insert into tb_user values('admin', md5('admin'), '[A][U]')", $cn);
mysql_query("insert into tb_user values('user', md5('user'), '[U]')", $cn);
mysql_close($cn);
?>
<p>Sukses meng-setup database!<br />
Username: <b>admin</b> dan Password: <b>admin</b><br />
Username: <b>user</b> dan Password: <b>user</b>
</p>
<p>Silakan menuju <a href="index.php">index.php</a></p>
</body>
</html>

File name: index.php

<html>
<head>
<title>Homepage</title>
</head>

<body>
<p>
<a href="index.php">Home</a> |
<a href="login.php">Login</a> |
<a href="member.php">Member</a> |
<a href="logout.php">Logout</a>
</p>
<p>Selamat datang. Di sini semua orang bisa mengakses.</p>
</body>
</html>

File name: login.php

<?php
session_start();

$username = "";
$password = "";
if (isset($_POST['username']) && isset($_POST['password'])) {
    $un = $_POST['username'];
    // Hash the password to compare against the md5() value stored by setup.php.
    $pw = md5($_POST['password']);
    $cn = @mysql_connect("localhost", "root", "") or die("Gagal konek ke MySQL.");
    mysql_select_db("db_user") or die("Gagal memilih database.");
    // User input is placed in the SQL string unescaped: this is the
    // SQL injection weakness noted in the introduction.
    $query = "select * from tb_user where
        login_username = '$un' and login_password = '$pw'";
    $hasil = mysql_query($query) or die("Gagal melakukan query.");
    if ($hasil != false) {
        if (mysql_num_rows($hasil) == 1) {
            $username = $_POST['username'];
            $password = $_POST['password'];
            // Remember the login in the session for member.php.
            $_SESSION['username'] = $_POST['username'];
            $_SESSION['password'] = $_POST['password'];
        };
    };
};
?>
<html>
<head>
<title>Login</title>
</head>

<body>
<p>
<a href="index.php">Home</a> |
<a href="login.php">Login</a> |
<a href="member.php">Member</a> |
<a href="logout.php">Logout</a>
</p>
<p>
<?php
if (empty($username)) {
    if (isset($_POST['username']) || isset($_POST['password'])) {
        echo "<p>Username dan password yang anda ketik adalah salah!</p>";
    };
?>
<form name="login_form" method="post" action="login.php">
Username: <input name="username" size="32" maxlength="32"><br />
Password: <input name="password" type="password" size="32" maxlength="32">
<input type="submit" name="button" value="Submit">
</form>
<?php
}
else {
?>
<p>Anda telah berhasil melakukan login.</p>
<?php
};
?>
</p>
</body>
</html>
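
A hardened counterpart to the credential check in login.php, as an added example that is not part of the original tutorial: the query uses a bound parameter instead of string interpolation, and passwords are stored with password_hash() rather than md5(). It assumes PDO with the pdo_sqlite driver (an in-memory database so it runs offline; the original uses MySQL), and open_demo_db() and check_login() are hypothetical helper names.

```php
<?php
// Added example: login check with a prepared statement and salted hashes.
// Assumption: PDO + pdo_sqlite are available; the tutorial itself uses MySQL.

function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("create table tb_user (
        login_username varchar(32) not null primary key,
        login_password varchar(255),
        login_rights varchar(32))");
    $ins = $db->prepare("insert into tb_user values (?, ?, ?)");
    // Constructed sample accounts mirroring setup.php, hashed with
    // password_hash() instead of md5().
    $ins->execute(['admin', password_hash('admin', PASSWORD_DEFAULT), '[A][U]']);
    $ins->execute(['user',  password_hash('user',  PASSWORD_DEFAULT), '[U]']);
    return $db;
}

function check_login(PDO $db, string $un, string $pw): bool {
    // The username is bound as data, so a quote character in it cannot
    // change the structure of the SQL statement.
    $st = $db->prepare(
        "select login_password from tb_user where login_username = ?");
    $st->execute([$un]);
    $hash = $st->fetchColumn();
    // fetchColumn() returns false when no row matches.
    return is_string($hash) && password_verify($pw, $hash);
}

$db = open_demo_db();
var_dump(check_login($db, 'admin', 'admin'));   // correct credentials
var_dump(check_login($db, 'admin', 'wrong'));   // wrong password
var_dump(check_login($db, "adm'in", 'admin'));  // constructed input containing a quote

// In login.php, after a successful check: issue a fresh session id and
// store only the username in the session, never the password:
//   session_regenerate_id(true);
//   $_SESSION['username'] = $un;
```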

File name: member.php

<?php
session_start();

$username = "";
$password = "";
// Re-check the credentials kept in the session against the database.
if (isset($_SESSION['username']) && isset($_SESSION['password'])) {
    $un = $_SESSION['username'];
    $pw = md5($_SESSION['password']);
    $cn = @mysql_connect("localhost", "root", "") or die("Gagal konek ke MySQL.");
    mysql_select_db("db_user") or die("Gagal memilih database.");
    $query = "select * from tb_user where
        login_username = '$un' and login_password = '$pw'";
    $hasil = mysql_query($query) or die("Gagal melakukan query.");
    if ($hasil != false) {
        if (mysql_num_rows($hasil) == 1) {
            $username = $_SESSION['username'];
            $password = $_SESSION['password'];
        };
    };
};
?>
<html>
<head>
<title>Members Only</title>
</head>

<body>
<p>
<a href="index.php">Home</a> |
<a href="login.php">Login</a> |
<a href="member.php">Member</a> |
<a href="logout.php">Logout</a>
</p>
<?php
if (empty($username) || empty($password)) {
    echo "<p>Maaf, hanya members yang boleh mengakses halaman ini.</p>";
}
else {
?>
<p>
Selamat datang <b><?php echo $username; ?></b>
</p>
<?php
};
?>
</body>
</html>

File name: logout.php

<?php
session_start();

unset($_SESSION['username']);
unset($_SESSION['password']);
?>
<html>
<head>
<title>Logout</title>
</head>

<body>
<p>
<a href="index.php">Home</a> |
<a href="login.php">Login</a> |
<a href="member.php">Member</a> |
<a href="logout.php">Logout</a>
</p>
<p>
Oke... Anda sudah logout.
</p>
</body>
</html>