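Langkah pertama adalah pembuatan database: script di bawah memakai database `users` dengan tabel `users` yang memiliki kolom `username`, `password`, `full_name`, `level`, `block`, dan `id_session`.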
Kemudian membuat script php:
Script
1. public_html/login_form.php
<!DOCTYPE html>
<head>
  <title>form login</title>
</head>
<body>
  <!-- Login form: posts the fields "username" and "password" to config/login_check.php. -->
  <!-- NOTE(review): the password is sent as typed in the request body, so this page and
       its action URL should only be served over HTTPS. -->
  <form name="login" action="config/login_check.php" method="post">
    <table border="1" align="center" bordercolor="#00CCFF">
      <tr><td colspan="2"><div align="center">Form Login</div></td></tr>
      <tr><td>Username</td><td> : <input type="text" name="username"></td></tr>
      <tr><td>Password</td><td> : <input type="password" name="password"></td></tr>
      <tr><td colspan="2"><div align="center">
        <input type="submit" value="Login">
      </div></td></tr>
    </table>
  </form>
</body>
</html>
2. public_html/config/login_check.php
<?php
include "../conn.php"; //connection file
/**
 * Filter a request value before it is placed inside a quoted SQL string.
 *
 * Applies, in this order: htmlspecialchars() with ENT_QUOTES, strip_tags(),
 * stripslashes(), then mysql_real_escape_string().
 *
 * NOTE(review): only the last step is SQL escaping. htmlspecialchars() is
 * output encoding for HTML and changes the value that gets compared with the
 * database; once it has encoded "<" and ">", strip_tags() has no tags left to
 * remove. stripslashes() deletes backslashes the user actually typed.
 * NOTE(review): mysql_real_escape_string() needs an open mysql_* connection
 * and was removed in PHP 7.0; prepared statements (mysqli or PDO) make this
 * helper unnecessary.
 *
 * @param string $data Raw value, e.g. a field from $_POST.
 * @return string The filtered and escaped value.
 */
function anti_injection($data){
    $encoded   = htmlspecialchars($data, ENT_QUOTES);
    $untagged  = strip_tags($encoded);
    $unslashed = stripslashes($untagged);

    return mysql_real_escape_string($unslashed);
}
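// Read the submitted credentials. A missing or non-string field (for example
// "username[]=x") is treated as an empty string instead of raising a warning.
$raw_user = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$raw_pass = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

$username = anti_injection($raw_user);
// NOTE(review): the password is hashed with unsalted MD5, which is fast to
// brute-force if the users table leaks. password_hash()/password_verify() are
// the replacement, but they require migrating the stored hashes, so the scheme
// is left unchanged here.
$pass = anti_injection(md5($raw_pass));

// Make sure the username and the password hash contain only letters and
// digits. Together with the escaping above, this is what keeps quotes out of
// the interpolated query below; an empty username is rejected here too.
if (!ctype_alnum($username) || !ctype_alnum($pass)) {
    echo "Bingo!! sekarang login form telah terlindungi.\nTidak ada SQL Injection.";
} else {
    // NOTE(review): the query is built by string interpolation. Prepared
    // statements (mysqli or PDO) are the robust fix, but they need a different
    // connection object than the one conn.php provides.
    $login = mysql_query(
        "select * from users where\n"
        . "username='$username' and password='$pass'\n"
        . "and block='N'"
    );

    // mysql_query() returns false on failure; treat that as "no match"
    // instead of passing false on to mysql_num_rows().
    $found = ($login !== false) ? mysql_num_rows($login) : 0;

    // The username/password pair matched a non-blocked account.
    if ($found > 0) {
        $r = mysql_fetch_array($login);

        // timeout.php starts the session and defines timer(). Calling
        // session_start() here as well would raise a notice that can be
        // printed before header() and break the redirect.
        include "timeout.php";

        // Issue a fresh session id at the privilege change and delete the
        // pre-login session, so an id known before login stops working.
        session_regenerate_id(true);

        $_SESSION['username'] = $r['username'];
        $_SESSION['fullname'] = $r['full_name'];
        // NOTE(review): keeping the password hash in the session is not needed
        // for the checks shown on this page; kept because other pages may read it.
        $_SESSION['passuser'] = $r['password'];
        $_SESSION['leveluser'] = $r['level'];

        // Mark the session as logged in and start the idle timer.
        $_SESSION['login'] = 1;
        timer();

        // Record the current session id for this user.
        $new_sid = session_id();
        mysql_query("update users set id_session='$new_sid'\nwhere username='$username'");

        // Redirect after a successful login and stop the script.
        header('location:../home.php');
        exit;
    } else {
        // One generic message for a wrong username, a wrong password and a
        // blocked account, so the response does not reveal which one applied.
        echo "<center>LOGIN GAGAL!!<br/>\nsalah username atau password.<br/>\natau accaunt anda diblokir<br/>";
        echo "<a href=../login_form.php><b>Coba\nLagi</b></a></center>";
    }
}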
?>
3. public_html/config/timeout.php
<?php
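// Start the session only if the including script has not done so already;
// a second session_start() raises a notice that can be printed before a
// later header() call.
if (session_id() === '') {
    // Keep the session cookie out of reach of page scripts.
    ini_set('session.cookie_httponly', '1');
    session_start();
}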
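/**
 * Push the idle deadline of the current session forward.
 *
 * Stores "now + $time seconds" in $_SESSION['timeout']. The key is quoted:
 * the bare word form is an undefined-constant notice on PHP 5 and an error
 * on PHP 8.
 *
 * @return void
 */
function timer(){
    $time = 10000; // idle window in seconds (about 2 h 47 min)
    $_SESSION['timeout'] = time() + $time;
}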
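/**
 * Tell whether the session is still inside its idle window.
 *
 * While the deadline in $_SESSION['timeout'] has not passed, the deadline is
 * extended through timer() and true is returned. Otherwise the deadline is
 * removed and false is returned. A session that has no deadline at all is
 * treated as expired.
 *
 * NOTE(review): the window slides on every call, so a session that stays
 * active has no absolute maximum lifetime.
 *
 * @return bool True while the session has not timed out.
 */
function login_check(){
    $timeout = isset($_SESSION['timeout']) ? $_SESSION['timeout'] : 0;

    if (time() < $timeout) {
        timer();
        return true;
    }

    unset($_SESSION['timeout']);
    return false;
}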
?>
4. public_html/config/logout.php
<?php
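// Resume the session so that it can be torn down.
session_start();

// Empty the session data for the rest of this request as well.
$_SESSION = array();

// Expire the session cookie in the browser; session_destroy() alone removes
// the server-side data but leaves the cookie with the old id in place.
if (ini_get('session.use_cookies')) {
    $params = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        time() - 42000,
        $params['path'],
        $params['domain'],
        $params['secure'],
        $params['httponly']
    );
}

session_destroy();

// NOTE(review): login_check.php stores the session id in users.id_session;
// it is not cleared here because this script has no database connection.
echo "<center>Anda berhasil Keluar dari\nsistem.<b>[LOGOUT]</b></center>";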
?>
5. public_html/home.php
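<?php
// Do not print PHP errors into the page (they would also break header());
// unlike error_reporting(0), this leaves them available to the error log
// when logging is enabled.
ini_set('display_errors', '0');

// timeout.php starts the session and defines login_check().
include "config/timeout.php";

// Logged in means: the login flag is set AND a username is present in the
// session. The original combined these tests with AND against login==0
// inside the login!=0 branch, so the username check could never trigger.
$logged_in = isset($_SESSION['login'])
    && $_SESSION['login'] == 1
    && !empty($_SESSION['username']);

// An idle session that has passed its deadline is downgraded to logged out.
if ($logged_in && !login_check()) {
    $_SESSION['login'] = 0;
    $logged_in = false;
}

if (!$logged_in) {
    header('location:login_form.php');
    // Fallback body for clients that do not follow the redirect.
    echo "<center>Untuk mengakses halaman ini, login dulu\nya!<br/>";
    echo "<a\nhref=login_form.php><b>LOGIN</b></a></center>";
    // Stop here so nothing below is ever sent to an unauthenticated client.
    exit;
}
?>
<!DOCTYPE html>
<head>
<title></title>
<style type="text/css">
<!--
#Layer1 {
    padding:10px;
    width:1000px;
    height:280px;
    background-color: #00CCFF;
}
.style1 {color: #000000}
-->
</style>
</head>
<body>
<div id="Layer1">
    <h1 align="center" class="style1">Selamat Datang </h1>
    <h4 align="center" class="style1">Di Web Ku </h4>
    <p align="center"><a href="config/logout.php" target="_parent">logout</a></p>
    <p> </p>
</div>
</body>
</html>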
6. public_html/conn.php
<?php
// Database connection settings, shared by every script that includes this file.
// NOTE(review): these variables land in the including script's scope;
// login_check.php later reuses $username for the submitted login name.
// NOTE(review): connecting as "root" with an empty password gives the web
// application full control of the database server. A dedicated account with
// only the privileges needed on this database, and a non-empty password kept
// outside the web root, limits what a flaw in the application can reach.
$host = "localhost";
$username = "root";
$password = "";
$databasename = "users";
// Open the connection; the script stops with a message if that fails.
// NOTE(review): the mysql_* extension was removed in PHP 7.0; mysqli or PDO
// with prepared statements is the replacement.
$connection = mysql_connect($host, $username, $password) or
die("Kesalahan Koneksi ... !!
");
// Select the database on that connection, again stopping on failure.
mysql_select_db($databasename, $connection) or
die("Database Error");
?>