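<?php
/**
 * Login form handler.
 *
 * Reads `username` and `password` from the POSTed login form, looks the user
 * up through getDataUser() and, on a password match, stores the username and
 * permission level in the session and redirects to the site root. Every other
 * outcome redirects back to login.php with a query flag (`empty=username`,
 * `empty=password` or `nopass=true`).
 *
 * $base_url and getDataUser() are not defined in this script; presumably
 * db/pdo.php provides them and starts the session — confirm.
 */
include 'db/pdo.php';

// Accept only string fields. A missing or array-valued field (e.g. sent as
// `username[]=x`) is treated as empty instead of raising a notice or reaching
// the comparison below as a non-string.
$username = isset($_POST['username']) && is_string($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';

if (isset($_POST['submit']) && $_POST['submit'] === 'Login') {
    // Each redirect is followed by exit: header() alone does not stop the
    // script, so without it later code would keep running and a later
    // header() call could replace the Location already chosen.
    if ($username === '') {
        header("Location: {$base_url}/login.php?empty=username");
        exit;
    }
    if ($password === '') {
        header("Location: {$base_url}/login.php?empty=password");
        exit;
    }

    $users = getDataUser($username);
    if (!is_array($users) && !($users instanceof Traversable)) {
        $users = array();
    }

    foreach ($users as $row_user) {
        $stored = isset($row_user['password']) ? (string) $row_user['password'] : '';

        // A value produced by password_hash() is checked with password_verify().
        // Anything else is compared as plaintext, which is what the original
        // `==` check did, but with hash_equals(): a strict, constant-time
        // comparison that is not subject to loose-comparison type juggling.
        // NOTE(review): plaintext password storage should be migrated to
        // password_hash(); the plaintext branch exists only so existing
        // accounts keep working until then.
        $isHash = password_get_info($stored);
        $isHash = $isHash['algoName'] !== 'unknown';
        $matches = $isHash
            ? password_verify($password, $stored)
            : hash_equals($stored, $password);

        if ($matches) {
            // Issue a fresh session id at the privilege change so an id that
            // was known before login cannot be reused afterwards.
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $_SESSION['username'] = $row_user['username'];
            $_SESSION['permission'] = $row_user['permission'];
            header("Location: {$base_url}/");
            exit;
        }
    }

    // Unknown username and wrong password share one response, so the reply
    // does not reveal whether the account exists.
    header("Location: {$base_url}/login.php?nopass=true");
    exit;
}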
// Profile update handler: when the form's 'sub' field is posted, write the
// submitted patient details to tblpasien and the email to tbluser for the
// user identified by $_SESSION['id'], then load the profile into $data.
// Without 'sub' the profile is only loaded.
// NOTE(review): no CSRF token check and no explicit "is logged in" check are
// visible here — confirm both are enforced before this code runs.
if (filter_input(INPUT_POST, 'sub', FILTER_DEFAULT)) {
    // filter_input() without a filter argument uses the default filter, which
    // by default returns the raw value unvalidated (null when the field is
    // absent). None of the fields below is length- or format-checked here.
    $nm = filter_input(INPUT_POST, 'nama_lengkap');
    // NOTE(review): the email is stored as submitted; FILTER_VALIDATE_EMAIL
    // would reject malformed addresses before the UPDATE.
    $email = filter_input(INPUT_POST, 'email');
    $tmpLahir = filter_input(INPUT_POST, 'tempat_lahir');
    // Normalises the submitted birth date to Y-m-d for storage.
    // NOTE(review): strtotime() returns false for unparsable input, and the
    // result is passed straight to date() — a bad date is not rejected.
    $tgllahir = date("Y-m-d", strtotime(filter_input(INPUT_POST, 'tanggal_lahir')));
    $jkelamin = filter_input(INPUT_POST, 'jenis_kelamin');
    $alamat = filter_input(INPUT_POST, 'alamat');
    // All user-supplied values are passed as named placeholders rather than
    // concatenated into the SQL text.
    $upDt = "UPDATE tblpasien SET \n nama = :nama,\n tempatLahir = :tlahir,\n tanggalLahir = :tglLahir,\n alamat = :alamat,\n jenisKelamin = :jnsKelamin WHERE idTblUser = :iduser";
    // The row to update is chosen by the session's user id, not by anything
    // the form submits.
    $dtUpDd = array('nama' => $nm, 'tlahir' => $tmpLahir, 'tglLahir' => $tgllahir, 'alamat' => $alamat, 'jnsKelamin' => $jkelamin, 'iduser' => $_SESSION['id']);
    // NOTE(review): the result of query() is stored but not inspected in the
    // visible code, so a failed UPDATE is not reported here.
    $upData = $db->query($upDt, $dtUpDd);
    $upEmail = "UPDATE tbluser SET email = :email WHERE idtblUser = :iduser";
    $dtUpEmail = array('email' => $email, 'iduser' => $_SESSION['id']);
    $upDtEmail = $db->query($upEmail, $dtUpEmail);
    // Re-read the profile so $data holds what is now stored.
    $data = getDataUser($db);
} else {
    $data = getDataUser($db);
}

/**
 * Reads the profile of the user identified by $_SESSION["id"] from tblpasien
 * joined to tbluser and copies the columns into an array under the keys
 * nama, email, tmpLahir, tglLahir, jnsKelamin, alamat and foto.
 *
 * @param mixed $db Database wrapper; only its row() method is used in the
 *                  visible part of this function.
 */
function getDataUser($db) {
    $data = array();
    // NOTE(review): $_SESSION["id"] is concatenated into the SQL text here,
    // while the UPDATE statements above bind it as :iduser. The value comes
    // from the session rather than the request, but if row() accepts bound
    // parameters the way query() does, binding it would remove the reliance
    // on the session value always being numeric — confirm against the wrapper.
    $query = "SELECT \n tbluser.`email`,\n tblpasien.`nama`,\n tblpasien.`tempatLahir`,\n tblpasien.`tanggalLahir`,\n tblpasien.`jenisKelamin`,\n tblpasien.`alamat`,\n tblpasien.`foto`\n FROM \n tblpasien INNER JOIN tbluser ON tblpasien.`idTblUser` = tbluser.`idtblUser` \n WHERE tblpasien.`idTblUser` = " . $_SESSION["id"];
    $res = $db->row($query);
    // $res is indexed like an array below; the `> 0` test presumably relies on
    // a row array comparing greater than an int and an empty/false result not
    // — confirm what row() returns when nothing matches.
    if ($res > 0) {
        $data['nama'] = $res['nama'];
        $data['email'] = $res['email'];
        $data['tmpLahir'] = $res['tempatLahir'];
        // Reformats the stored date as m/d/Y for display; the format string
        // ends with a space, so the value carries a trailing space.
        $data['tglLahir'] = date_format(new DateTime($res['tanggalLahir']), "m/d/Y ");
        $data['jnsKelamin'] = $res['jenisKelamin'];
        $data['alamat'] = $res['alamat'];
        if (!empty($res['foto'])) {
            // img_path is a constant defined outside this excerpt; the stored
            // file name is appended to it unchanged.
            $data['foto'] = img_path . $res['foto'];