wichaksono · April 18, 2016 07:18
diff --git a/contoh-code-rapi.php b/contoh-code-rapi.php
 <?php
 session_start();
 require 'config.php';
 /**
 * Check POST request
 */
 if (isset($_POST['username']) && isset($_POST['password'])) {
    // SQL syntax to get username & password
    $sql_check = "SELECT nama, 
                         level_user, 
                         id_user 
                  FROM users 
                  WHERE 
                       username=? 
                       AND 
                       password=? 
                  LIMIT 1";

    // start prepare
    $check_log = $dbconnect->prepare($sql_check);
    $check_log->bind_param('ss', $username, $password);

    $username = $_POST['username'];
    $password = md5($_POST['password']);

    $check_log->execute();

    $check_log->store_result();
    
    // check result, if valid username & password
    if ($check_log->num_rows == 1) {
        $check_log->bind_result($nama, $level_user, $id_user);

        // save user ID to session
        while ($check_log->fetch()) {
            $_SESSION['user_login'] = $level_user;
            $_SESSION['sess_id']    = $id_user;
            $_SESSION['nama']       = $nama;
        }

        $check_log->close();

        // redirect
        header('location:on-'.$level_user);
        exit();
    } else {
        // if username & password not valid
        header('location: login.php?error='.base64_encode('Username dan Password Invalid!!!'));
        exit();
    }
 } else {
    header('location:login.php');
    exit();
 }
	<?php
	session_start();
	require 'config.php';
	/**
	* Check POST request
	*/
	if (isset($_POST['username']) && isset($_POST['password'])) {
	// SQL syntax to get username & password
	$sql_check = "SELECT nama,
	level_user,
	id_user
	FROM users
	WHERE
	username=?
	AND
	password=?
	LIMIT 1";

	// start prepare
	$check_log = $dbconnect->prepare($sql_check);
	$check_log->bind_param('ss', $username, $password);

	$username = $_POST['username'];
	$password = md5($_POST['password']);

	$check_log->execute();

	$check_log->store_result();

	// check result, if valid username & password
	if ($check_log->num_rows == 1) {
	$check_log->bind_result($nama, $level_user, $id_user);

	// save user ID to session
	while ($check_log->fetch()) {
	$_SESSION['user_login'] = $level_user;
	$_SESSION['sess_id'] = $id_user;
	$_SESSION['nama'] = $nama;
	}

	$check_log->close();

	// redirect
	header('location:on-'.$level_user);
	exit();
	} else {
	// if username & password not valid
	header('location: login.php?error='.base64_encode('Username dan Password Invalid!!!'));
	exit();
	}
	} else {
	header('location:login.php');
	exit();
	}