Session Management: User Login, Cookie

Session

A session is used to store information between requests, whether the requests are POST or GET.
One example that illustrates the use of a session is the login process. The user enters a username through the login form. After a successful login, the user is presented with navigation menu links that lead to several web pages. So that the username is always displayed or recorded on those pages, the username can be stored in the session.
Simple example

    <html>
    <body>
    <form action="session.php" method="post">
    User Name :<input type="text" name="username"><br>
    Password :<input type="password" name="password"><br>
    <input type="submit" value="login">
    </form>
    </body>
    </html>

    <?php
    // session.php
    session_start();
    // Missing fields are treated as empty strings
    $username = $_POST["username"] ?? "";
    $password = $_POST["password"] ?? "";
    if ($username == "ragil" && $password == "rahasia") {
        // Remember the user name for the following requests
        $_SESSION["user"] = $username;
        header("location: berhasil.php");
        exit;
    } else {
        echo "Maaf anda gagal melakukan login";
    }
    <?php
    // berhasil.php
    session_start();
    // Only a request whose session carries a user name sees the page
    if (isset($_SESSION["user"])) {
        echo "Selamat datang <b>".$_SESSION["user"]." </b> anda berhasil login<br>";
        echo "<a href='logout.php'>logout</a>";
    } else {
        echo "Maaf anda tidak berhak mengakses halaman ini!";
    }

    <?php
    // logout.php
    session_start();
    session_unset();     // clear the session variables
    session_destroy();   // remove the session data on the server
    header("location: login.php");

Result
Login User with Session

Sessions can be used to control which menus a user can access.
A database is used to store the user data.
Schema:

Schema Flow

The first time that a protected page is requested, the user will not have entered his or her login details yet. The script detects this and prompts the user for a username and password with a login form instead of displaying the requested page.
When that form is submitted, the page is reloaded, this time with a username and password specified. The script sees that the login details have been specified, and registers them as session variables so that they remain available for the rest of the user's visit.
Finally, the script checks the database to make sure the username/password combination is valid. If it is, the page requested is displayed. If not, an "access denied" message is displayed with a link inviting the user to try logging in again.
Login Form

Form:
Form validation:

Form validation with JavaScript

    <script language="javascript">
    <!--
    function cek2() {
        // Both fields must be filled in before the form is submitted
        if (document.form2.username.value == "") {
            alert('username belum diisi');
            document.form2.username.focus();
            return false;
        }
        if (document.form2.password.value == "") {
            alert('password wajib diisi');
            document.form2.password.focus();
            return false;
        }
        return true;
    }
    // -->
    </script>
Check Login

    <?php
    // Escape the user name before it is placed inside the query string
    $username = mysql_real_escape_string($_POST['username']);
    $password = md5($_POST['password']);
    $sql = "select * from user where username='$username' AND password='$password'";
    $result = mysql_query($sql);
    $ketemu = mysql_num_rows($result);
    $data = mysql_fetch_array($result);
    if ($ketemu > 0) {
        // A matching row was found: register the login details in the session
        session_start();
        $_SESSION['username'] = $data['username'];
        $_SESSION['password'] = $data['password'];
        $_SESSION['level'] = $data['level'];
        if ($data['level'] == "User Biasa") {
            header('location:index.php?module=home');
        } elseif ($data['level'] == "administrator") {
            header('location:index.php?module=home');
        }
        exit;
    } else {
        echo "<script> alert('username dan Password Anda tidak cocok'); location.href='index.php'</script>";
    }
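A hardened form of the login check, added here as an example and not taken from the slides: the query uses a placeholder, the password is verified against a salted hash, the session ID is renewed on login, and no password is kept in the session. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL server, the account row is constructed, passwords are stored with password_hash() instead of md5(), and the function names are hypothetical.

```php
<?php
// Added example, not from the slides. Constructed table and account.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (username TEXT PRIMARY KEY, password TEXT, level TEXT)');
$db->prepare('INSERT INTO user VALUES (?, ?, ?)')
   ->execute(['ragil', password_hash('rahasia', PASSWORD_DEFAULT), 'administrator']);

// Hypothetical helper: returns username and level, or null when the login fails.
function check_login(PDO $db, string $username, string $password): ?array
{
    // The placeholder keeps the submitted user name out of the SQL text.
    $stmt = $db->prepare('SELECT username, password, level FROM user WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() checks the submitted password against the stored salted hash.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return ['username' => $row['username'], 'level' => $row['level']];
}

// Hypothetical helper: registers the login in the session.
function start_user_session(array $user): void
{
    session_start();
    session_regenerate_id(true);              // new session ID once the user is authenticated
    $_SESSION['username'] = $user['username'];
    $_SESSION['level']    = $user['level'];   // neither password nor hash is stored
}

$valid   = check_login($db, 'ragil', 'rahasia');
$wrong   = check_login($db, 'ragil', 'salah');
$quoted  = check_login($db, "ragil'", 'rahasia');  // the quote is data, not SQL syntax
if ($valid !== null) {
    start_user_session($valid);
}
printf("valid login accepted: %s\n", var_export($valid !== null, true));
printf("wrong password accepted: %s\n", var_export($wrong !== null, true));
printf("user name with quote accepted: %s\n", var_export($quoted !== null, true));
printf("session keys: %s\n", implode(', ', array_keys($_SESSION ?? [])));
```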
Login OK

Menu access rights by user

Check user level

    <?php
    // Menu for a regular user
    if ($_SESSION['level'] == "User Biasa") {
        echo '<a href="?module=home">home</a><br /><br>
              <a href="?module=info">browsing</a><br /><br>
              <a href="?module=info2">surving </a><br><br>';
    }
    // Menu for an administrator
    if ($_SESSION['level'] == "administrator") {
        echo '<a href="?module=home">home</a><br /><br>
              <a href="?module=tambah">tambah</a><br /><br>
              <a href="?module=edit">edit</a><br /><br>
              <a href="?module=hapus">hapus </a><br><br>';
    }

Result of menu management: regular user (User Biasa), administrator
Content Management

    <?php
    // Without user and password
    if (empty($_SESSION['username']) AND empty($_SESSION['password'])) {
        echo "<h2>selamat DATANG di Sistem Informasi xxx</h2><br>";
        echo "Halaman ini dapat diakses tanpa user dan password";
    } else {
        // Set the content based on the user level
        if ($_SESSION['level'] == "User Biasa") {
            echo "Tampilan informasi yang bisa diakes <b>user biasa</b>";
        }
        if ($_SESSION['level'] == "administrator") {
            echo "Tampilan informasi yang bisa diakes <b>administrator</b>";
        }
    }

Result of content management: public, regular user (User Biasa), administrator
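The menu and content checks above decide what is shown; the `?module=` value itself still arrives from the browser, so the same level check has to be applied to every request. The following is an added example, not code from the slides, that drives both the menu and the request check from one table. The module names, labels and level values are the ones on the slides; the `guest` level and the function names are assumptions.

```php
<?php
// Added example: one allow-list per level, used for the menu and for each request.
const MODULES_BY_LEVEL = [
    'guest'         => ['home' => 'home'],   // assumed level for visitors without a session
    'User Biasa'    => ['home' => 'home', 'info' => 'browsing', 'info2' => 'surving'],
    'administrator' => ['home' => 'home', 'tambah' => 'tambah', 'edit' => 'edit', 'hapus' => 'hapus'],
];

// Unknown or missing level values fall back to the least privileged level.
function current_level(array $session): string
{
    $level = $session['level'] ?? 'guest';
    return is_string($level) && isset(MODULES_BY_LEVEL[$level]) ? $level : 'guest';
}

// Returns the module to load, or null when this level may not open it.
function resolve_module(array $session, array $query): ?string
{
    $module = $query['module'] ?? 'home';
    if (!is_string($module)) {
        return null;                          // e.g. module[]=x arrives as an array
    }
    return isset(MODULES_BY_LEVEL[current_level($session)][$module]) ? $module : null;
}

// Builds the menu from the same table, so links and checks cannot drift apart.
function menu_html(array $session): string
{
    $html = '';
    foreach (MODULES_BY_LEVEL[current_level($session)] as $module => $label) {
        $html .= '<a href="?module=' . rawurlencode($module) . '">'
               . htmlspecialchars($label) . "</a><br />\n";
    }
    return $html;
}

// Constructed session and query arrays standing in for $_SESSION and $_GET.
$regular = ['username' => 'ragil', 'level' => 'User Biasa'];
echo menu_html($regular);
foreach (['info', 'hapus'] as $requested) {
    $module = resolve_module($regular, ['module' => $requested]);
    echo $requested, ': ', $module === null ? '403 access denied' : "load $module", "\n";
}
```

In index.php a null result would be answered with HTTP 403 before any module file is included.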
Secure session management with cookie

Strong session management is a key part of a secure web application. Since HTTP does not directly provide a session abstraction, application and framework developers must bake their own using cookies.

What is a cookie?

Most web application frameworks use client-side cookies to index a state table on the server side.
Session state is usually represented with a special-purpose object type, stored on the server, and could contain anything relevant to the application: user profile, user privileges, cached data from a back-end store, browsing history and page flow state, or CSRF (Cross-Site Request Forgery) prevention tokens.
Create Cookie

Use the setcookie function.
It is called before the html tag.
Syntax: setcookie(name, value, expire, path, domain);
Example:

    <?php
    setcookie("user", "Aman Khan", time()+3600);
    ?>
    <html>....

Retrieve Cookie

Use the $_COOKIE variable.
Cookie variable name = user

    <?php
    // Print a cookie (escaped, because the value comes from the browser)
    echo htmlspecialchars($_COOKIE["user"]);
    // A way to view all cookies
    print_r($_COOKIE);
Using the isset function

    <html>
    <body>
    <?php
    // Greet by name only when the cookie was sent
    if (isset($_COOKIE["user"]))
        echo "Welcome " . htmlspecialchars($_COOKIE["user"]) . "!<br />";
    else
        echo "Welcome guest!<br />";
    ?>
    </body>
    </html>

Deleting a Cookie

A cookie is deleted by making it expire.

    <?php
    // set the expiration date to one hour ago
    setcookie("user", "", time()-3600);

The expiry time is negative: the cookie expired 3600 seconds, or 1 hour, ago.
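The value in `$_COOKIE["user"]` is whatever the browser sends back, so it can be edited by the user and is suitable for a greeting but not as proof of who is logged in. The following is an added example, not code from the slides, that sets the same cookie with explicit attributes and treats the returned value as untrusted input. It assumes PHP 7.3 or later for the options-array form of setcookie(); the function names and the 64-character limit are hypothetical.

```php
<?php
// Added example: attributes for the "user" cookie and a defensive greeting.
function user_cookie_options(int $lifetime): array
{
    return [
        'expires'  => time() + $lifetime,
        'path'     => '/',
        'secure'   => true,    // sent over HTTPS only
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',   // not attached to cross-site POST requests
    ];
}

function greeting(array $cookies): string
{
    $name = $cookies['user'] ?? null;
    // The browser may send an array (user[x]=...), an empty or an oversized value.
    if (!is_string($name) || $name === '' || strlen($name) > 64) {
        return 'Welcome guest!<br />';
    }
    // Escape before output so markup in the cookie is shown as text.
    return 'Welcome ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '!<br />';
}

// In a page, before any output:
//   setcookie('user', 'Aman Khan', user_cookie_options(3600));
//   setcookie('user', '', user_cookie_options(-3600));   // delete with the same attributes

// Constructed arrays standing in for $_COOKIE.
echo greeting(['user' => 'Aman Khan']), "\n";
echo greeting(['user' => '<b>Aman</b>']), "\n";
echo greeting(['user' => ['one' => 'ragil']]), "\n";
echo greeting([]), "\n";
```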
Creating several cookies

    <?php
    // set several cookies
    setcookie("username[one]", "ragil", time()+60);
    setcookie("username[two]", "saputra", time()+60);
    setcookie("username[three]", "hadi", time()+60);
    echo "Cookie telah diset... <a href='lihatcookie.php'>cookie</a>";

    <?php
    // lihatcookie.php
    echo "Cookie yang telah dikirimkan: <br>";
    if (isset($_COOKIE["username"]) && is_array($_COOKIE["username"])) {
        // foreach replaces each(), which was removed in PHP 8
        foreach ($_COOKIE["username"] as $index => $value) {
            echo "Nama Ke-".htmlspecialchars($index)." = ".htmlspecialchars($value)."<br>";
        }
    }

Result: Cookies