php
// Buffer all output from here on instead of sending it to the client immediately.
ob_start();
// Project-local includes, resolved relative to the include path / working directory.
// NOTE(review): $_SESSION is written further down in this script, but no
// session_start() call is visible in this listing; presumably one of these
// includes starts the session. Confirm, otherwise the session writes are not persisted.
// NOTE(review): the mysql_* calls below need an open connection; presumably
// config/koneksi.php opens it. Verify against that file.
include "config/koneksi.php";
// NOTE(review): password() and timer() are called below but not defined in this
// listing; presumably they come from this file. Confirm.
include "config/fungsi_lain.php";
/**
 * Filter a request value before it is interpolated into a SQL string.
 *
 * The four steps run in the same order as the original nested call:
 * htmlspecialchars(ENT_QUOTES), strip_tags, stripslashes, mysql_real_escape_string.
 *
 * NOTE(review): this helper mixes HTML output encoding with SQL escaping. Only the
 * last step is relevant to SQL, and it protects a value only when that value is
 * placed inside a quoted string literal in the query. Bound parameters through
 * PDO or mysqli prepared statements are the robust replacement; HTML encoding
 * belongs at the point where the value is printed.
 * NOTE(review): ext/mysql was deprecated in PHP 5.5 and removed in PHP 7.0, so
 * this function cannot run on a supported PHP version.
 *
 * @param string $data Raw value, for example a $_POST field.
 * @return string|false Filtered value; mysql_real_escape_string() returns false on error.
 */
function anti_injection($data){
    // Step 1: HTML-encode special characters; ENT_QUOTES also encodes both quote styles.
    $encoded = htmlspecialchars($data,ENT_QUOTES);

    // Step 2: '<' and '>' are already entities at this point, so this call
    // should find no tags left to remove.
    $untagged = strip_tags($encoded);

    // Step 3: removes backslashes unconditionally, so a legitimate backslash in
    // the input is lost as well.
    $unslashed = stripslashes($untagged);

    // Step 4: escape for a quoted SQL string literal using the current ext/mysql link.
    $filter = mysql_real_escape_string($unslashed);

    return $filter;
}
// Read and filter the submitted credentials. Both lines run before the isset()
// check on the login field that follows, so a request without these fields
// still reaches anti_injection() with an undefined index.
$username = anti_injection($_POST['username']);
// The password is passed through password() first and the result is filtered.
// NOTE(review): password() is not defined in this listing. Confirm what it
// computes. If it is a hash, prefer password_hash()/password_verify() on the raw
// input and do not run HTML/SQL filters over the hash output.
$pass = anti_injection(password($_POST['password']));
if (isset($_POST[login])) {
// pastikan username dan password adalah berupa huruf atau angka.
if (!ctype_alnum($username) OR !ctype_alnum($pass)){
echo "Sekarang loginnya tidak bisa di injeksi lho.";
}
else{
$login=mysql_query("SELECT * FROM users WHERE username='$username' AND
password='$pass' AND blokir='N'");
$ketemu=mysql_num_rows($login);
$r=mysql_fetch_array($login);
$_SESSION[namauser] = $r[username];
$_SESSION[namalengkap] = $r[nama_lengkap];
$_SESSION[passuser] = $r[password];
$_SESSION[leveluser] = $r[level];
// session timeout
$_SESSION[login] = 1;
timer();
$sid_lama = session_id();
session_regenerate_id();
$sid_baru = session_id();
$_SESSION[namauser] = $_POST[username];
$_SESSION[namalengkap] = $_POST[nama];
$_SESSION[passuser] = $pass;
$_SESSION[leveluser] = "pembaca";
// session timeout
$_SESSION[login] = 1;
timer();
$sid_lama = session_id();
session_regenerate_id();
$sid_baru = session_id();