|
1
|
|
|
<?php |
|
2
|
|
|
include 'config/koneksi.php'; |
|
3
|
|
|
function anti_injection($data) |
|
4
|
|
|
{ |
|
5
|
|
|
$filter = mysql_real_escape_string(stripslashes(strip_tags(htmlspecialchars($data, ENT_QUOTES)))); |
|
|
|
|
|
|
6
|
|
|
|
|
7
|
|
|
return $filter; |
|
8
|
|
|
} |
|
9
|
|
|
|
|
10
|
|
|
//$pass=md5($_POST[password]); |
|
11
|
|
|
|
|
12
|
|
|
$userid = anti_injection($_POST['userid']); |
|
13
|
|
|
$pass = anti_injection($_POST['password']); |
|
14
|
|
|
$module = anti_injection($_POST['module']); |
|
15
|
|
|
|
|
16
|
|
|
$login = mysql_query("SELECT a.*,b.id_tipe_sales |
|
|
|
|
|
|
17
|
|
|
FROM user a LEFT JOIN groups b |
|
18
|
|
|
on a.id_groups = b.id_groups |
|
19
|
|
|
WHERE a.id_user='$userid' AND a.password='$pass' and a.aktif='Y'"); |
|
20
|
|
|
|
|
21
|
|
|
$find = mysql_num_rows($login); |
|
|
|
|
|
|
22
|
|
|
$r = mysql_fetch_array($login); |
|
|
|
|
|
|
23
|
|
|
|
|
24
|
|
|
// Apabila userid dan password ditemukan |
|
25
|
|
|
if ($find > 0) { |
|
26
|
|
|
session_start(); |
|
27
|
|
|
|
|
28
|
|
|
$id_user = $r['id_user']; |
|
29
|
|
|
$_SESSION['userid'] = $r['id_user']; |
|
30
|
|
|
$_SESSION['username'] = $r['username']; |
|
31
|
|
|
$_SESSION['iusername'] = $r['username']; |
|
32
|
|
|
$_SESSION['password'] = $r['password']; |
|
33
|
|
|
$_SESSION['groups'] = $r['id_groups']; |
|
34
|
|
|
$_SESSION['tipe_sales'] = $r['id_tipe_sales']; |
|
35
|
|
|
$_SESSION['outlet'] = $r['id_outlet']; |
|
36
|
|
|
$_SESSION['role'] = $r['role']; |
|
37
|
|
|
$_SESSION['pict'] = $r['pict']; |
|
38
|
|
|
$_SESSION['r_input'] = $r['r_input']; |
|
39
|
|
|
$_SESSION['r_edit'] = $r['r_edit']; |
|
40
|
|
|
$_SESSION['r_delete'] = $r['r_delete']; |
|
41
|
|
|
$_SESSION['r_admin'] = $r['r_admin']; |
|
42
|
|
|
|
|
43
|
|
|
$gsql = mysql_query("SELECT main_page FROM groups WHERE id_groups ='$r[id_groups]'"); |
|
|
|
|
|
|
44
|
|
|
$g = mysql_fetch_array($gsql); |
|
|
|
|
|
|
45
|
|
|
|
|
46
|
|
|
if ($g['main_page']) { |
|
47
|
|
|
$lmodule = $g['main_page']; |
|
48
|
|
|
} else { |
|
49
|
|
|
$lmodule = '?module='.$module; |
|
50
|
|
|
} |
|
51
|
|
|
|
|
52
|
|
|
$sql = mysql_query("SELECT * FROM modul WHERE link ='$lmodule'"); |
|
|
|
|
|
|
53
|
|
|
|
|
54
|
|
|
$r = mysql_fetch_array($sql); |
|
|
|
|
|
|
55
|
|
|
|
|
56
|
|
|
if ($r['id_modul']) { |
|
57
|
|
|
$imodule = $r['link']; |
|
58
|
|
|
$id_module = $r['id_modul']; |
|
59
|
|
|
$kode = $r['kode']; |
|
60
|
|
|
} else { |
|
61
|
|
|
$imodule = '?home'; |
|
62
|
|
|
$id_module = '54'; |
|
63
|
|
|
$kode = ''; |
|
64
|
|
|
} |
|
65
|
|
|
|
|
66
|
|
|
// update user last login |
|
67
|
|
|
$loginDateFormat = 'Y-m-d H:i:s'; |
|
68
|
|
|
$last_login = date($loginDateFormat, time()); |
|
69
|
|
|
$sql = mysql_query("UPDATE user SET last_login='$last_login' WHERE id_user='$id_user'"); |
|
|
|
|
|
|
70
|
|
|
|
|
71
|
|
|
// user_log |
|
72
|
|
|
user_log('Login ke Aplikasi Puskesmas'); |
|
73
|
|
|
|
|
74
|
|
|
header('location:main.php'.$imodule.'&id_module='.$id_module.'&kode='.$kode.''); |
|
75
|
|
|
} else { |
|
76
|
|
|
echo "<script>window.alert('User Id atau password tidak cocok.'); window.location=('index.php?userid=$userid&module=$module')</script>"; ?> |
|
77
|
|
|
|
|
78
|
|
|
<?php |
|
79
|
|
|
} |
|
80
|
|
|
?> |
|
|
|
|
|
|
81
|
|
|
|
aepnat /
simpuskesmas
aepnat
Loading history...
This function has been deprecated. The supplier of the function has supplied an explanatory message.
The explanatory message should give you some clue as to whether and when the function will be removed and what other function to use instead.