
Index

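<?php
// Registration page: renders the "new user" form (posted to insert.php) and,
// depending on login state, a link to the user list or to the login page.
session_start();

// Logged in only when the session carries a non-empty username. The previous
// test, isset(...) || !empty(...), reduces to isset(...) alone, so an
// empty-string username still counted as a login.
$logged_in = !empty($_SESSION['username']);

include_once('config.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Tutorial Hak Akses</title>
<link rel="stylesheet" href="css/reset.css" type="text/css" />
<link rel="stylesheet" href="css/normalize.css" type="text/css" />
<link rel="stylesheet" href="css/permata-ui-kit.css" type="text/css" />
<link rel="stylesheet" href="css/bootstrap.css" type="text/css" />
<link rel="stylesheet" href="css/style.css" type="text/css" />
</head>

<body>

<div style="margin:auto">
    <form class="rounded_3 shadow_3" action="insert.php" method="post" style="width:400px; margin:auto;">
        <fieldset class="rounded_3">
            <legend>Daftar User Baru</legend>
            <?php
            // Read the flag's value. isset() only yields a boolean, and the
            // loose comparison true == 'success' holds, so any ?msg=... used
            // to render "Success". Unknown or absent values render nothing,
            // and the value itself is never echoed.
            $message = isset($_GET['msg']) ? $_GET['msg'] : '';

            if ($message === 'success') {
            ?>
            <div class="info">Success</div>
            <?php } else if ($message === 'failed') { ?>
            <div class="error">Error</div>
            <?php } ?>

            <div>
                <label for="username">Username</label>
                <input id="username" name="username" class="wide" type="text" required="required" />
            </div>
            <div>
                <label for="password">Password</label>
                <input id="password" name="password" class="wide" type="password" required="required" />
            </div>
            <div>
                <label for="email">Email</label>
                <input id="email" name="email" class="wide" type="email" required="required" />
            </div>
            <div>
                <label for="fullname">Fullname</label>
                <input id="fullname" name="fullname" class="wide" type="text" />
            </div>
            <div>
                <?php if ($logged_in) { ?>
                <span class="left"><a href="users.php">Lihat Data</a></span>
                <?php } else { ?>
                <span class="left"><a href="login.php">Login</a></span>
                <?php } ?>
                <input class="right" type="submit" name="submit" value="Daftar" />
            </div>
        </fieldset>
    </form>
</div>
</body>
</html>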

Login
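<?php
// Login page: renders the login form (posted to auth.php) and the error
// message selected by the ?error=N code that auth.php redirects with.
session_start();

include_once('config.php');

if (!empty($_SESSION['username'])) {
    // Already logged in. A Location header does not end the script, so exit
    // explicitly instead of rendering the form into the redirect response.
    header('location:index.php');
    exit;
}

// Read the code as an integer. isset() only yields a boolean, and the loose
// comparison true == 1 holds, so every error used to show message 1.
$error = isset($_GET['error']) ? (int) $_GET['error'] : 0;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Tutorial Hak Akses</title>
<link rel="stylesheet" href="css/reset.css" type="text/css" />
<link rel="stylesheet" href="css/normalize.css" type="text/css" />
<link rel="stylesheet" href="css/permata-ui-kit.css" type="text/css" />
<link rel="stylesheet" href="css/bootstrap.css" type="text/css" />
<link rel="stylesheet" href="css/style.css" type="text/css" />
</head>

<body>
<div style="margin:auto; padding:50px 0 30px; text-align:center">
</div>
<div style="margin:auto">
    <form class="rounded_3 shadow_3" action="auth.php" method="post" style="width:400px; margin:auto;">
        <fieldset class="rounded_3">
            <legend>Login</legend>

            <?php if ($error === 1) { ?>
            <div class="error">Username dan Password belum diisi.</div>
            <?php } else if ($error === 2) { ?>
            <div class="error">Username belum diisi.</div>
            <?php } else if ($error === 3) { ?>
            <div class="error">Password belum diisi.</div>
            <?php } else if ($error === 4) { ?>
            <div class="error">Username dan Password tidak terdaftar.</div>
            <?php } ?>

            <div>
                <label for="username">Username</label>
                <input id="username" name="username" class="wide" type="text" required="required" />
            </div>
            <div>
                <label for="password">Password</label>
                <input id="password" name="password" class="wide" type="password" required="required" />
            </div>
            <div>
                <span class="left"><a href="index.php">Daftar Baru</a></span>
                <input class="right" type="submit" name="submit" value="Login" />
            </div>
        </fieldset>
    </form>
</div>
</body>
</html>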
Cek login
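<?php
// Login guard, included at the top of pages that require an authenticated
// session. Sets $logged_in for the including page.
if (!isset($_SESSION)) {
    session_start();
}

$logged_in = false;

// The session username has not been created yet, or it is empty.
if (empty($_SESSION['username'])) {
    // Redirect to the login page. header() only queues the Location header;
    // without exit the including page keeps running and sends its protected
    // content in the body of the redirect response, where any client that
    // ignores the redirect can read it.
    header('location:login.php');
    exit;
}

$logged_in = true;
?>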
User
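<?php
// User list page: greets the logged-in user and lists every account. Users
// whose session role is 'admin' also get Edit/Delete links per row.
include_once('config.php');

include('cek-login.php');

// cek-login.php sends a redirect header for anonymous visitors and leaves
// $logged_in false. Stop here so the user table is never rendered into the
// body of that redirect response.
if (!$logged_in) {
    exit;
}

$is_admin = isset($_SESSION['role']) && $_SESSION['role'] === 'admin';

// Read the flag's value; isset() alone made every ?msg=... render "Success".
$message = isset($_GET['msg']) ? $_GET['msg'] : '';

// auth.php stores the username in the session after passing it through
// mysql_real_escape_string(), so it is interpolated as-is here; escaping it
// again would double-escape names containing quotes.
// NOTE(review): this ties the safety of this query to the login script.
// Keeping the user id in the session and using a prepared statement
// (mysqli/PDO; ext/mysql was removed in PHP 7.0) would remove the coupling,
// but needs a matching change in config.php, which is not shown here.
$username = $_SESSION['username'];
$query_user_login = mysql_query("select fullname from users where username='$username'");
$user_login = $query_user_login ? mysql_fetch_array($query_user_login) : false;
$welcome_name = $user_login ? $user_login['fullname'] : '';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Tutorial Hak Akses</title>
<link rel="stylesheet" href="css/reset.css" type="text/css" />
<link rel="stylesheet" href="css/normalize.css" type="text/css" />
<link rel="stylesheet" href="css/permata-ui-kit.css" type="text/css" />
<link rel="stylesheet" href="css/bootstrap.css" type="text/css" />
<link rel="stylesheet" href="css/style.css" type="text/css" />
</head>

<body>
<div style="margin:auto; padding:50px 0 30px; text-align:center">
</div>
<div style="margin:auto">
    <div class="rounded_3 shadow_3 content">
        <?php // Every value below comes from user registration, so it is HTML-escaped on output. ?>
        <h3>Selamat Datang <?php echo htmlspecialchars($welcome_name, ENT_QUOTES, 'UTF-8'); ?></h3>
        <br />

        <?php if ($message === 'success') { ?>
        <div class="info">Success</div>
        <?php } else if ($message === 'failed') { ?>
        <div class="error">Error</div>
        <?php } ?>

        <a href="index.php" class="left">Tambah User</a> <a href="logout.php" class="right">Logout</a>
        <br />
        <table class="view">
            <thead>
                <tr>
                    <th width="20">No.</th>
                    <th>Username</th>
                    <th>Fullname</th>
                    <th>Email</th>
                </tr>
            </thead>
            <tbody>
                <?php
                // Only the columns the table shows; the password column is
                // not fetched for a listing.
                $query = mysql_query("select id_user, username, fullname, email from users");

                $i = 1;

                while ($query && ($data = mysql_fetch_array($query))) {
                ?>
                <tr class="<?php echo ($i % 2 == 0) ? "odd" : "even"; ?>">
                    <td><?php echo $i; ?></td>
                    <td>
                        <?php
                        echo htmlspecialchars($data['username'], ENT_QUOTES, 'UTF-8');

                        // If the logged-in user has the admin role, show the
                        // edit and delete actions for this row.
                        // NOTE(review): hiding links is presentation only;
                        // edit.php, update.php and delete.php must each check
                        // the role themselves. delete.php is not shown here,
                        // and a destructive action behind a plain GET link
                        // also has no CSRF protection.
                        if ($is_admin) {
                        ?>
                        <div class="row-actions">
                            <a href="edit.php?uid=<?php echo urlencode($data['id_user']); ?>">Edit</a>
                            <?php if ($data['username'] != 'admin') { ?>
                            | <a href="delete.php?uid=<?php echo urlencode($data['id_user']); ?>" class="delete">Delete</a>
                            <?php } ?>
                        </div>
                        <?php } ?>
                    </td>
                    <td><?php echo htmlspecialchars($data['fullname'], ENT_QUOTES, 'UTF-8'); ?></td>
                    <td><?php echo htmlspecialchars($data['email'], ENT_QUOTES, 'UTF-8'); ?></td>
                </tr>
                <?php
                    $i++;
                }
                ?>
            </tbody>
        </table>
    </div>
</div>
<div class="clear"></div>
<div style="padding-bottom:50px;"></div>
</body>
</html>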
Edit
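<?php
// Edit-user form: loads the account named by ?uid=... and posts the changes
// to update.php.
session_start();

include_once('config.php');
include_once('cek-login.php');

// cek-login.php sends a redirect header for anonymous visitors and leaves
// $logged_in false; stop so the form is not rendered into that response.
if (!$logged_in) {
    exit;
}

// users.php offers the Edit link to the admin role only. Enforce the same
// rule here, otherwise any logged-in member can open another account's
// record by typing the URL.
if (!isset($_SESSION['role']) || $_SESSION['role'] !== 'admin') {
    header('location:users.php?msg=failed');
    exit;
}

// Read the flag's value; isset() alone made every ?msg=... render "Success".
$message = isset($_GET['msg']) ? $_GET['msg'] : '';

// Receive id_user from the users page. The value comes straight from the
// URL, so it is escaped before being placed inside the quoted SQL literal.
$user_id = (isset($_GET['uid']) && is_string($_GET['uid']))
    ? mysql_real_escape_string($_GET['uid'])
    : '';

$query = mysql_query("select id_user, username, password, email, fullname, role from users where id_user='$user_id'");
$data = $query ? mysql_fetch_array($query) : false;

if (!$data) {
    // Unknown id: nothing to edit.
    header('location:users.php?msg=failed');
    exit;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Tutorial Hak Akses</title>
<link rel="stylesheet" href="css/reset.css" type="text/css" />
<link rel="stylesheet" href="css/normalize.css" type="text/css" />
<link rel="stylesheet" href="css/permata-ui-kit.css" type="text/css" />
<link rel="stylesheet" href="css/bootstrap.css" type="text/css" />
<link rel="stylesheet" href="css/style.css" type="text/css" />
</head>

<body>
<div style="margin:auto; padding:50px 0 30px; text-align:center">
</div>
<div style="margin:auto">
    <form class="rounded_3 shadow_3" action="update.php" method="post" style="width:400px; margin:auto;">
        <fieldset class="rounded_3">
            <legend>Edit User</legend>
            <?php if ($message === 'success') { ?>
            <div class="info">Success</div>
            <?php } else if ($message === 'failed') { ?>
            <div class="error">Error</div>
            <?php } ?>

            <?php // Stored values were supplied by users, so each is HTML-escaped before it goes into an attribute. ?>
            <div>
                <label for="username">Username</label>
                <input id="username" name="username" class="wide" type="text" required="required"
                    value="<?php echo htmlspecialchars($data['username'], ENT_QUOTES, 'UTF-8'); ?>" disabled="disabled" />
            </div>
            <div>
                <label for="password">Password</label>
                <?php
                // NOTE(review): this writes the stored password into the page
                // source, which is only possible because passwords are kept
                // in plaintext. Hashing them (password_hash/password_verify)
                // and leaving this field blank needs coordinated changes in
                // insert.php, auth.php and update.php.
                ?>
                <input id="password" name="password" class="wide" type="password" required="required"
                    value="<?php echo htmlspecialchars($data['password'], ENT_QUOTES, 'UTF-8'); ?>"
                    <?php if ($data['username'] == 'admin') { ?> disabled="disabled" <?php } ?> />
            </div>
            <div>
                <label for="email">Email</label>
                <input id="email" name="email" class="wide" type="email" required="required"
                    value="<?php echo htmlspecialchars($data['email'], ENT_QUOTES, 'UTF-8'); ?>" />
            </div>
            <div>
                <label for="fullname">Fullname</label>
                <input id="fullname" name="fullname" class="wide" type="text"
                    value="<?php echo htmlspecialchars($data['fullname'], ENT_QUOTES, 'UTF-8'); ?>" />
            </div>
            <?php
            // If the logged-in user has the admin role, show the role option
            // (never for the built-in 'admin' account).
            if ($_SESSION['role'] == 'admin') {
                if ($data['username'] != 'admin') {
            ?>
            <div>
                <label for="role">Role</label>
                <?php
                // Preselect the account's current role. Without this the
                // first option ("Admin") is submitted by default, so saving
                // any member's record silently promoted that member.
                ?>
                <select name="role">
                    <option value="admin"<?php if ($data['role'] === 'admin') { ?> selected="selected"<?php } ?>>Admin</option>
                    <option value="member"<?php if ($data['role'] !== 'admin') { ?> selected="selected"<?php } ?>>Member</option>
                </select>
            </div>
            <?php
                }
            }
            ?>
            <div>
                <?php if ($logged_in) { ?>
                <span class="left"><a href="users.php">Lihat Data</a></span>
                <?php } else { ?>
                <span class="left"><a href="login.php">Login</a></span>
                <?php } ?>
                <input class="right" type="submit" name="submit" value="Update User" />
            </div>
            <input type="hidden" name="user_id" value="<?php echo htmlspecialchars($data['id_user'], ENT_QUOTES, 'UTF-8'); ?>" />
        </fieldset>
    </form>
</div>
</body>
</html>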
Update
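<?php
// Update handler for the edit form: writes the posted fields to the users
// row identified by user_id, then redirects back to users.php with a status.
include('config.php');

if (!isset($_SESSION)) {
    session_start();
}

// This script previously ran for anyone who could send a POST: no login, no
// role check, and role taken from the request. Require a session first.
if (empty($_SESSION['username'])) {
    header('location:login.php');
    exit;
}

// users.php offers Edit to the admin role only; enforce that here too.
if (!isset($_SESSION['role']) || $_SESSION['role'] !== 'admin') {
    header('location:users.php?msg=failed');
    exit;
}

// Capture data from the form. Every value is escaped before it is placed in
// a quoted SQL literal; the original interpolated $_POST directly.
// NOTE(review): prepared statements (mysqli/PDO; ext/mysql was removed in
// PHP 7.0) are the sturdier fix but need the connection code in config.php,
// which is not shown here.
$id = (isset($_POST['user_id']) && is_string($_POST['user_id']))
    ? mysql_real_escape_string($_POST['user_id'])
    : '';

// Look up the target so the rules the edit form applies to the built-in
// 'admin' account (password and role not editable) also hold server-side.
$target_query = mysql_query("select username from users where id_user='$id'");
$target = $target_query ? mysql_fetch_array($target_query) : false;

if (!$target) {
    header('location:users.php?msg=failed');
    exit;
}

$is_builtin_admin = ($target['username'] === 'admin');

// Update only the fields that were actually submitted. Disabled form inputs
// are not posted, so the old query overwrote the admin account's password
// and role with empty strings.
$assignments = array();

if (!$is_builtin_admin && isset($_POST['password']) && is_string($_POST['password']) && $_POST['password'] !== '') {
    // NOTE(review): stored as plaintext, matching insert.php and auth.php;
    // switching to password_hash() has to be done in all three together.
    $assignments[] = "password='" . mysql_real_escape_string($_POST['password']) . "'";
}

foreach (array('fullname', 'email') as $field) {
    if (isset($_POST[$field]) && is_string($_POST[$field])) {
        $assignments[] = $field . "='" . mysql_real_escape_string($_POST[$field]) . "'";
    }
}

// Accept only the two roles the form offers.
if (!$is_builtin_admin && isset($_POST['role']) && in_array($_POST['role'], array('admin', 'member'), true)) {
    $assignments[] = "role='" . $_POST['role'] . "'";
}

// Update the database row matching user_id.
$query = $assignments
    ? mysql_query("update users set " . implode(', ', $assignments) . " where id_user='$id'")
    : false;

if ($query) {
    header('location:users.php?msg=success');
} else {
    // The old "or die(mysql_error())" printed database errors to the client
    // and made this branch unreachable; log server-side instead.
    if ($assignments) {
        error_log('update.php: ' . mysql_error());
    }
    header('location:users.php?msg=failed');
}
exit;
?>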
Insert
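<?php
// Registration handler: inserts the account posted from index.php with the
// default role and redirects back with a status flag.
include_once('config.php');

// Receive data from index.php. A missing or non-string field becomes '' so
// a hand-built request cannot raise notices or pass arrays to the escaper.
$fields = array();
foreach (array('username', 'password', 'email', 'fullname') as $name) {
    $fields[$name] = (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
}

// The form marks these as required, but that is only enforced by the
// browser; reject blank credentials here as well.
if ($fields['username'] === '' || $fields['password'] === '') {
    header('location: index.php?msg=failed');
    exit;
}

$username = mysql_real_escape_string($fields['username']);
// NOTE(review): the password is stored as submitted. Hashing it with
// password_hash() is the right fix but must land together with auth.php
// (password_verify) and the edit/update pages, which read this column.
$password = mysql_real_escape_string($fields['password']);
$email    = mysql_real_escape_string($fields['email']);
$fullname = mysql_real_escape_string($fields['fullname']);
$role     = 'member'; // default level for anyone who self-registers

// auth.php accepts a login only when exactly one row matches and the other
// pages identify the user by username, so a second account with an existing
// name (including 'admin') must not be created.
// NOTE(review): a UNIQUE index on users.username is the real guarantee;
// this check alone is open to a race between two concurrent registrations.
$existing = mysql_query("select id_user from users where username='$username'");
if (!$existing || mysql_num_rows($existing) > 0) {
    header('location: index.php?msg=failed');
    exit;
}

// Save the data to the database.
$query = mysql_query("insert into users values('', '$username', '$password', '$email', '$fullname', '$role')");

if ($query) {
    // Saved successfully.
    header('location: index.php?msg=success');
} else {
    // Saving failed.
    header('location: index.php?msg=failed');
}
exit;
?>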
Auth
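<?php
// Login handler: checks the posted credentials against the users table,
// creates the session on success and redirects with ?error=N on failure.
include('config.php');

session_start();

// Receive data from the login form; a missing or non-string field is ''.
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// To prevent SQL injection we use mysql_real_escape_string.
// NOTE(review): ext/mysql was removed in PHP 7.0; prepared statements via
// mysqli/PDO are the durable fix but need config.php, which is not shown.
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

// Check whether the submitted data is empty. The original used "break" here,
// which is a fatal error outside a loop; exit is what ends the request after
// the redirect header.
if (empty($username) && empty($password)) {
    // Both username and password are empty.
    header('location:login.php?error=1');
    exit;
} else if (empty($username)) {
    // Only the username is empty.
    header('location:login.php?error=2');
    exit;
} else if (empty($password)) {
    // Only the password is empty.
    header('location:login.php?error=3');
    exit;
}

// NOTE(review): this compares the password in plaintext inside SQL, so the
// table stores passwords unhashed. Moving to password_hash()/password_verify()
// has to be done together with insert.php and the edit/update pages.
$query = mysql_query("select * from users where username='$username' and password='$password'");

if ($query && mysql_num_rows($query) == 1) {
    $data = mysql_fetch_array($query);

    // Issue a fresh session id at the privilege change so an id planted
    // before login (session fixation) does not become an authenticated one.
    session_regenerate_id(true);

    // Username and password match a registered account: create the session.
    // The escaped form of the username is stored on purpose, because
    // users.php interpolates this value into its own query as-is.
    $_SESSION['username'] = $username;
    $_SESSION['role'] = $data['role'];

    // Redirect to the users page (lists all users).
    header('location:users.php');
} else {
    // Username or password is not registered in the database.
    header('location:login.php?error=4');
}
exit;
?>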
