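LOGIN.PHP
<?php
// Login handler, first stage: load the configuration and read the submitted
// credentials from the POST body.
// NOTE(review): config/config.php presumably defines $dbconn, which the login
// query further down passes to mysql_query() -- confirm.
include "config/config.php";

// Take each field only when it is present and is a string. A missing field, or
// an array sent as username[]=..., becomes '' instead of raising a notice or
// reaching md5() as a non-string. ctype_alnum('') is false, so an empty
// username is still rejected by the alphanumeric check that follows.
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';

// SECURITY: md5() is a fast, unsalted digest and is not suitable for storing
// passwords. It is kept here only because the login query below compares this
// value with tb_user.usPassword; moving to password_hash()/password_verify()
// means migrating the stored values at the same time.
// Both $username and $pass are interpolated into that SQL string, so the
// ctype_alnum() check below is the only guard until the query is parameterized.
$pass = md5((isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '');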
// pastikan username dan password adalah berupa huruf atau angka. if (!ctype_alnum($username) OR !ctype_alnum($pass)){ echo "Maaf, tidak boleh kata injeksi ya...!!!."; } else{ //$logloket = mysql_query("UPDATE tb_user SET usLoket = '$loket' WHERE usUsername='$username'"); $login=mysql_query("SELECT * FROM tb_user a WHERE a.usUsername='$username' AND a.usPassword='$pass' AND a.usAktif='Y'", $dbconn); $ketemu=mysql_num_rows($login); $r=mysql_fetch_array($login);
// Apabila username dan password ditemukan if ($ketemu > 0){ session_start(); $_SESSION['userid'] = $r['usId']; $_SESSION['username'] = $r['usUsername']; $_SESSION['namauser'] = $r['usNama']; $_SESSION['password'] = $r['usPassword']; $_SESSION['aktif'] = $r['usAktif']; $_SESSION['leveluser'] = $r['usLevel']; $_SESSION['group'] = $r['usLoket']; if($_SESSION['group']==2){ // Dokter