Kalo tutorial sebelumna, pake cek dari database dowank. Kali ini login form na kmbinasi antara Session dan sekaligus mengecek ke database User
jangan lupa bro, bwat sample data table, bwat table user na dolo:
CREATE TABLE:
id(INT) 11,
userName(VARCHAR) 255,
passWord(VARCHAR) 255
tros bikin fungsi - fungsi buatan na:
## fungsi login form
function displayform($error)
{
echo "<html><head><title>Please login</title></head><body><style>body,td,input { font-family: verdana; font-size: 8pt; }</style>";
if($error) echo "<p><b>Login na salah brother (^_^)</b></p>";
echo "<form action=\"\" method=\"post\"><table width='400' border=0><tr><td width='100'>username:</td>";
echo "<td><input type='text' name='input_user'></td></tr><tr><td>password:</td><td><input type='password' name='input_password'></td></tr>";
echo "<tr><td colspan='2'><input type='Submit' value='Login»' name='loginbutton'></td></tr></table></form></body></html>";
exit;
}
Alur VALIDASI User:
inputan user dan password diproses via HTTP REQUEST POST VAR, VAR inputan user dan password akan di filter melalui sintaks SQL :
mysql_real_escape_string("_VAR_INPUTAN");
sehingga saat SELECT DATA ke table database user, inputan sudah bersih dari karakter-karakter mematikan, yang biasa digunakan bwat para hacker untuk melakukan serangan INJECTION pada SQL data.
sedangkan untuk enkripsi passwordna make :
md5("__VAR_INPUTAN");
ni CODE validasi user na:
## fungsi validasi user
function validateUser()
{
$con=mysql_connect("localhost","root","");
$dbname="dbase_lu";
if(!is_resource($con)) { return false; }
@mysql_select_db($dbname);
$query = sprintf("SELECT * FROM tblUser WHERE userName='%s' AND passWord='%s'",
mysql_real_escape_string($_POST['input_user']),
mysql_real_escape_string(md5($_POST['input_password']))
);
$rslt = @mysql_query($query);
if(!is_resource($rslt)) { return false; }
if(mysql_num_rows($rslt) < 1) { return false; }
else
return true;
return false;
}
woke!!!
Alur login na:
pertama kali user akan login via form user password.
dan session dimulai pada saat user divalidasi.
session_start();
jika user mengisi form, dan mengklik tombol Login, proses validasi user akan dilakukan. Jika benar halaman akan di forward ke
http://www.dremi.info/klikdisini.htmlif($_POST['loginbutton'])
{
$inputuser = $_POST['input_user'];
$inputpassword = $_POST['input_password'];
if(validateUser())
{
session_start();
$_SESSION['authenticated'] = 1;
@header("location:http://www.dremi.info/klikdisini.html");
}
else
displayform(1);
}
else
displayform(0);
kalo salah yaaa...kembali ke form, dan pesan Login salah akan dimunculkan
if($error) echo "<p><b>Login na salah brother (^_^)</b></p>";
Jadi lengkap na ke gini bro:
<?php
if(!$_SESSION['authenticated'])
if($_POST['loginbutton'])
{
$inputuser = $_POST['input_user'];
$inputpassword = $_POST['input_password'];
if(validateUser())
{
session_start();
$_SESSION['authenticated'] = 1;
@header("location:http://www.dremi.info/klikdisini.html");
}
else
displayform(1);
}
else
displayform(0);
function displayform($error)
{
echo "<html><head><title>Please login</title></head><body><style>body,td,input { font-family: verdana; font-size: 8pt; }</style>";
if($error) echo "<p><b>Login na salah brother (^_^)</b></p>";
echo "<form action=\"\" method=\"post\"><table width='400' border=0><tr><td width='100'>username:</td>";
echo "<td><input type='text' name='input_user'></td></tr><tr><td>password:</td><td><input type='password' name='input_password'></td></tr>";
echo "<tr><td colspan='2'><input type='Submit' value='Login»' name='loginbutton'></td></tr></table></form></body></html>";
exit;
}
function validateUser()
{
$con=mysql_connect("localhost","root","");
$dbname="dbase_lu";
if(!is_resource($con)) { return false; }
@mysql_select_db($dbname);
echo $query = sprintf("SELECT * FROM tblUser WHERE userName='%s' AND passWord='%s'",
mysql_real_escape_string($_POST['input_user']),
mysql_real_escape_string(md5($_POST['input_password']))
);
$rslt = @mysql_query($query);
if(!is_resource($rslt)) { return false; }
if(mysql_num_rows($rslt) < 1) { return false; }
else
return true;
return false;
}
?>
woke selamat mencoba, download sample CODE na disini:
http://www.4shared.com/file/31438163/ae ... start.htmltros kalo mao liat sample jadina disini brother (pake user na:
test + password na:
ngepass):
http://www.dremi.info/web/tips/session_start.phpWOKEEEE!!!!!!......
