@Aziz-Rahman
Last active February 10, 2016 19:17
Login and registration using PHP 5.5 password_hash() with the salt option. (The salt option is deprecated in PHP 7.)
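<?php
// The action is left empty so the form posts back to the current URL.
// $_SERVER['PHP_SELF'] is derived from the request path; if it is ever printed
// into this attribute it has to go through htmlspecialchars() first.
?>
<form action="" method="post" role="form" id="login-customer">
    <div class="form-group">
        <label for="usr">Username</label>
        <input type="text" name="username" class="form-control" id="usr" autocomplete="username">
    </div>
    <div class="form-group">
        <label for="pwd">Password</label>
        <input type="password" name="password" class="form-control" id="pwd" autocomplete="current-password">
    </div>
    <div class="form-group">
        <button type="submit" name="login-customer" class="btn btn-danger">Masuk</button>
    </div>
</form>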
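<?php
// Login handler: loads the account row by username through a prepared statement
// and checks the submitted password against the hash stored in that row.
//
// A password_hash() value can only be checked with password_verify(); re-hashing
// the submitted password and comparing the result in SQL works only while every
// hash shares one fixed salt, which is the weakness the 'salt' option invites.
//
// NOTE(review): in this gist the form markup is printed before this block, so
// session_start() and header() only take effect if output buffering is on or the
// handler runs before any output - confirm against the real page layout.
if ( isset( $_POST['login-customer'] ) ) :
    include "includes/conn.php";
    require_once "includes/functions.php";

    // Accept plain string fields only; an array-valued field is treated as empty.
    $username     = ( isset( $_POST['username'] ) && is_string( $_POST['username'] ) ) ? $_POST['username'] : '';
    $raw_password = ( isset( $_POST['password'] ) && is_string( $_POST['password'] ) ) ? $_POST['password'] : '';

    // The registration handler hashes anti_injection( password ), so the same
    // filter is applied here to keep existing accounts able to log in.
    // NOTE(review): filtering a password before hashing changes the secret the
    // user typed; drop the filter in both handlers once accounts are re-hashed.
    $pure_password = anti_injection( $raw_password );

    // The username is bound as a parameter, so it needs no escaping of its own.
    $data = null;
    $stmt = $mysqli->prepare( "SELECT id_kustomer, username, password FROM member WHERE username = ?" );
    if ( $stmt ) {
        $stmt->bind_param( 's', $username );
        $stmt->execute();
        $stmt->bind_result( $row_id, $row_username, $row_hash );
        if ( $stmt->fetch() ) {
            $data = array(
                'id_kustomer' => $row_id,
                'username'    => $row_username,
                'password'    => $row_hash,
            );
        }
        $stmt->close();
    }

    // The salt and cost are embedded in the stored hash, so hashes written with
    // the old fixed salt still verify here without any options.
    $verify_pass = ( $data !== null ) && password_verify( $pure_password, $data['password'] );

    if ( $verify_pass ) {
        session_start();
        // Issue a fresh session id at the privilege change (session fixation).
        session_regenerate_id( true );
        $_SESSION['id_customer'] = $data['id_kustomer'];
        $_SESSION['customer'] = $data['username'];
        // NOTE(review): kept because other pages may read this key; the hash is
        // not needed in session data and should be removed once nothing uses it.
        $_SESSION['customer_pswd'] = $data['password'];
        $mysqli->close();
        header( 'location:check-out' ); // Redirect to the check-out page
        exit; // stop here so nothing else is rendered after the redirect
    } else {
        echo "<script>alert('Username atau password salah, silahkan ulangi.'); top.location='login-register';</script>";
    }
    $mysqli->close();
endif;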
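<?php
// The action is left empty so the form posts back to the current URL.
// $_SERVER['PHP_SELF'] is derived from the request path; if it is ever printed
// into this attribute it has to go through htmlspecialchars() first.
?>
<form action="" method="post" role="form" id="register-customer">
    <div class="form-group">
        <input type="text" name="full_name" class="form-control" placeholder="Name Lengkap">
    </div>
    <div class="form-group">
        <input type="email" name="email" class="form-control" placeholder="Email">
    </div>
    <div class="form-group">
        <input type="text" name="telp" class="form-control" placeholder="No Telepon">
    </div>
    <div class="form-group">
        <input type="text" name="city" class="form-control" placeholder="Kota">
    </div>
    <div class="form-group">
        <input type="text" name="pos_code" class="form-control" placeholder="Kode Pos">
    </div>
    <div class="form-group">
        <textarea name="address" class="form-control" rows="6" placeholder="Alamat Lengkap"></textarea>
    </div>
    <div class="form-group">
        <?php // "username" is not an input type; browsers fall back to text, so say so explicitly. ?>
        <input type="text" name="username" class="form-control" placeholder="Username" autocomplete="username">
    </div>
    <div class="form-group">
        <input type="password" name="password" class="form-control" placeholder="Password" autocomplete="new-password">
    </div>
    <div class="form-group">
        <button type="submit" name="register-customer" class="btn btn-info">Daftar</button>
    </div>
</form>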
<?php
// Registration handler: hashes the submitted password, checks whether the
// username or e-mail already exists, validates each field in turn and inserts
// the new member row when every check passes. Each failed check prints an
// alert() and sends the browser back to 'login-register'.
include "includes/conn.php";
include "includes/functions.php";
if ( isset( $_POST['register-customer'] ) ) :
// NOTE(review): the field assignments are elided in this gist. As literally
// written the three names below chain onto the password assignment, and $city,
// $pos_code, $address and $username are never set in the visible code.
// var ................
$name =
$email =
$telp =
// etc ................
// NOTE(review): anti_injection() HTML-encodes and strips tags, so the value
// hashed below is not the password exactly as the user typed it.
$pure_password = anti_injection( $_POST['password'] ); // the password must be validated before it is stored
// NOTE(review): one hard-coded salt is shared by every account, which defeats
// the purpose of salting. The 'salt' option is deprecated as of PHP 7.0 and
// ignored from PHP 8.0; leaving it out lets password_hash() generate a salt per
// password. Login code then has to check with password_verify() against the
// stored hash instead of re-hashing and comparing.
$salt = 'ajdf4833dn48fcncbcsh733rbb3bffbf3d';
$cost = 10;
$options = array();
if (!empty($cost)) $options['cost'] = (int)$cost;
if (!empty($salt)) $options['salt'] = $salt;
// password_hash($pass, $algo, $options);
$password = password_hash( $pure_password, PASSWORD_DEFAULT, $options ); // hashed here, but only inserted after the plain value passes validation
// Look up existing rows with the same username / e-mail.
// NOTE(review): both queries are built by string interpolation and run before
// any field has been validated; they are only as safe as the escaping applied
// to $username and $email in the elided assignments. Prepared statements with
// bound parameters would remove that dependency.
$sql = $mysqli->query( "SELECT username FROM member WHERE username = '$username'" );
$sql2 = $mysqli->query( "SELECT email FROM member WHERE email = '$email'" );
$check_user = $sql->num_rows;
$check_email = $sql2->num_rows;
// Every field is required.
if ( empty( $name ) || empty( $email ) || empty( $telp ) || empty( $city ) || empty( $pos_code ) || empty( $address ) || empty( $username ) || empty( $pure_password ) ) {
echo "<script>alert( 'Pengisian data harus lengkap, silahkan ulangi.' );
document.location.href='login-register';</script>";
}
// Name: ASCII letters and spaces only.
elseif ( !preg_match( "/^[a-zA-Z ]*$/",$name ) ) {
echo "<script>alert( 'Nama tidak valid, silahkan ulangi.' );
document.location.href='login-register';</script>";
}
// NOTE(review): $email is printed into an inline script in the branch where it
// has just failed validation, so whether that is safe rests entirely on the
// upstream filter; json_encode() is the encoder meant for a JS string context.
elseif ( filter_var( $email, FILTER_VALIDATE_EMAIL) === false ) {
echo "<script>alert( '($email) alamat email tidak valid, silahkan ulangi.' );
document.location.href='login-register';</script>";
}
// E-mail already registered.
// NOTE(review): this answer tells the requester which e-mail addresses have accounts.
elseif ( $check_email != 0 ) {
echo "<script>alert( 'Email sudah digunakan, silahkan ulangi.' );
document.location.href='login-register';</script>";
}
// NOTE(review): is_numeric() also accepts signs, decimal points and exponents
// ("1e5"); ctype_digit() matches the digits-only example in the message.
elseif ( ! is_numeric( $telp ) ) {
echo "<script>alert( 'No. Telp tidak valid, silahkan ulangi. Contoh: 081234234222' );
document.location.href='login-register';</script>";
}
// City: ASCII letters and spaces only.
elseif ( !preg_match( "/^[a-zA-Z ]*$/",$city ) ) {
echo "<script>alert( 'Nama kota tidak valid, silahkan ulangi.' );
document.location.href='login-register';</script>";
}
// Postal code: same is_numeric() caveat as the phone number.
elseif ( ! is_numeric( $pos_code ) ) {
echo "<script>alert( 'Kode pos tidak valid, silahkan ulangi.' );
document.location.href='login-register';</script>";
}
// Username already taken.
// NOTE(review): a SELECT followed later by an INSERT cannot stop two parallel
// requests from both passing; a UNIQUE index on the column would - confirm the schema.
elseif ( $check_user != 0 ) {
echo "<script>alert( 'Username sudah digunakan, silahkan ganti dengan yang lain.' );
document.location.href='login-register';</script>";
}
// Username: ASCII letters and digits only, at least 6 characters.
elseif ( !preg_match( "/^[a-zA-Z0-9]*$/",$username ) ) {
echo "<script>alert( 'Username hanya boleh diisi dengan karakter huruf atau angka dan tidak mengandung spasi, silahkan ulangi' );
document.location.href='login-register';</script>";
}
elseif ( strlen( $username ) < 6 ) {
echo "<script>alert( 'Panjang karakter username minimal 6 karakter, silahkan ulangi.' );
document.location.href='login-register';</script>";
}
// Password: at least 8 bytes, measured on the filtered value rather than the raw input.
elseif ( strlen( $pure_password ) < 8 ) {
echo "<script>alert( 'Panjang karakter password minimal 8 karakter, silahkan ulangi.' );
document.location.href='login-register';</script>";
}
else {
// All checks passed: store the member row with the hashed password.
// NOTE(review): the INSERT is also assembled by interpolation; $address has no
// validation branch above, so it depends entirely on the upstream escaping.
$query = $mysqli->query( "INSERT INTO member( nama_lengkap, email, no_telp, kota, kode_pos, alamat, username, password ) VALUES ('$name','$email', '$telp', '$city', '$pos_code', '$address', '$username', '$password' )");
if ( $query ) {
echo "<script>alert( 'Pendaftaran berhasil disimpan. Silahkan login untuk melanjutkan.' );
document.location.href='login-register&stts=success';</script>";
// echo '<div class="alert alert-success"><a href="#" class="close" data-dismiss="alert" aria-label="close">&times;</a>Data tersimpan !</div>';
} else {
echo "Gagal tersimpan !";
}
}
endif;
<?php
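if ( ! function_exists( 'anti_injection' ) ) {
    /**
     * Runs a request value through htmlspecialchars( ENT_QUOTES ), strip_tags(),
     * stripslashes() and finally mysqli::real_escape_string(), in that order.
     *
     * The result is HTML-encoded and SQL-escaped at the same time, so it is the
     * exact input in neither context. Treat it as a legacy helper: bound
     * parameters are the reliable defence for SQL, and output should be encoded
     * at the point where it is printed, for that context.
     *
     * @param string $data Raw request value.
     * @return string Filtered value.
     */
    function anti_injection( $data ) {
        // Function scope does not see the script's variables; without this import
        // $mysqli is undefined here and the method call below fails.
        // Presumably $mysqli is the connection opened by includes/conn.php - confirm.
        global $mysqli;

        $html_encoded = htmlspecialchars( $data, ENT_QUOTES );
        $without_tags = strip_tags( $html_encoded );
        $unslashed    = stripslashes( $without_tags );

        return $mysqli->real_escape_string( $unslashed );
    }
}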
// etc functions
https://developers.google.com/speed/libraries/
-jq v2 <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.min.js"></script>
-