erowsika · December 19, 2021 13:51
diff --git a/simple_arsip_session.php b/simple_arsip_session.php
 <?php

 // file connection.php
 $con = mysqli_connect("localhost", "username", "password", "dbname");

 // file login.php
 require_once(__DIR__ . '/connection.php');

 session_start();

 // mysqli_real_escape_string prevent sql injection (security)
 $user = mysqli_real_escape_string($con, $_POST['username']);
 $pass = mysqli_real_escape_string($con, $_POST['password']);

 //convert password to md5
 $pass = md5($pass);

 // check if the user id and password combination exist in database
 $sql = mysqli_query($con, "SELECT * FROM users WHERE username = '$user' AND password = '$pass'") or die(mysqli_error($con));

 //if match is equal to 1 there is a match
 if (mysqli_num_rows($sql) === 1) {
    $user = mysqli_fetch_array($sql);

    //set session
    $_SESSION['authorized'] = true;
    $_SESSION['id_user'] = $user['id_user']; // id user for relathionship only data
    $_SESSION['username'] = $user['username']; // username stored in session global variable

    // go to arsip this user only
    $_SESSION['success'] = 'Login Successful';
    header('Location: ./arsip.php');
    exit;
 } else {
    // login failed save error to a session
    $_SESSION['error'] = 'Sorry, wrong username or password';
    exit($_SESSION['error']); // print error message
 }

 // file arsip.php
 require_once(__DIR__ . '/connection.php');
 session_start();

 // check if user is successfully login
 if (!isset($_SESSION['id_user'])) die('Unauthorize Access !');

 $query_arsip = mysqli_query($con, "SELECT * FROM arsip WHERE id_user = $_SESSION[id_user];");
 while ($arsip = mysqli_fetch_array($query_arsip))
 { ?>
    <p>
        Nama Berkas : <?php echo $arsip['nama_berkas']; ?><br/>
        Tanggal Berkas : <?php echo $arsip['tgl_berkas']; ?>
    </p>
 <?php
 }
	<?php

	// file connection.php
	$con = mysqli_connect("localhost", "username", "password", "dbname");

	// file login.php
	require_once(__DIR__ . '/connection.php');

	session_start();

	// mysqli_real_escape_string prevent sql injection (security)
	$user = mysqli_real_escape_string($con, $_POST['username']);
	$pass = mysqli_real_escape_string($con, $_POST['password']);

	//convert password to md5
	$pass = md5($pass);

	// check if the user id and password combination exist in database
	$sql = mysqli_query($con, "SELECT * FROM users WHERE username = '$user' AND password = '$pass'") or die(mysqli_error($con));

	//if match is equal to 1 there is a match
	if (mysqli_num_rows($sql) === 1) {
	$user = mysqli_fetch_array($sql);

	//set session
	$_SESSION['authorized'] = true;
	$_SESSION['id_user'] = $user['id_user']; // id user for relathionship only data
	$_SESSION['username'] = $user['username']; // username stored in session global variable

	// go to arsip this user only
	$_SESSION['success'] = 'Login Successful';
	header('Location: ./arsip.php');
	exit;
	} else {
	// login failed save error to a session
	$_SESSION['error'] = 'Sorry, wrong username or password';
	exit($_SESSION['error']); // print error message
	}

	// file arsip.php
	require_once(__DIR__ . '/connection.php');
	session_start();

	// check if user is successfully login
	if (!isset($_SESSION['id_user'])) die('Unauthorize Access !');

	$query_arsip = mysqli_query($con, "SELECT * FROM arsip WHERE id_user = $_SESSION[id_user];");
	while ($arsip = mysqli_fetch_array($query_arsip))
	{ ?>
	<p>
	Nama Berkas : <?php echo $arsip['nama_berkas']; ?><br/>
	Tanggal Berkas : <?php echo $arsip['tgl_berkas']; ?>
	</p>
	<?php
	}