Pošto sam neiskusan u PHP, imam problem sa login formom.
Kada upisem pogresan user i lozinku sve uredu naime kada upisem tacan user i lozinku
tj. admin i admin(lozinka i user, tako stoji u bazi) ono mi vraca ovo.
echo 'Username or Password is invalid';
Isto da mi se uopšte ne ‘definira’ varijabla, tj ovaj dio.
$query = mysqli_query("SELECT * FROM `admin` WHERE `user`='$username' AND `password`='$password'");
izvolite citav source.
<?php include("../inc/db.php"); ?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Admin Control Panel - Login</title>
<link rel="stylesheet" href="css/logstyle.css">
</head>
<body>
<div class="loginBox">
<form action="login.php" method="POST">
<div class="boxOne">
<div class="image"></div><input type="text" name="user" placeholder="username" required>
<div class="imagpw"></div><input type="password" name="pw" placeholder="********" required>
</div>
<div class="boxTwo">
<input type="submit" value="LOGIN" name="submit">
<div class="rec"></div>
<?php
//When somebody press submit
if(isset($_POST['submit'])){
error_reporting(TRUE);
//Define variables, secure from XSS and SQLi
$_POST['user'] = strip_tags($_POST['user']);
$_POST['pw'] = strip_tags($_POST['pw']);
$_POST['user'] = mysql_real_escape_string($_POST['user']);
$_POST['pw'] = mysql_real_escape_string($_POST['pw']);
$username = $_POST['user'];
$password = $_POST['pw'];
//Getting data from database.
$query = mysqli_query("SELECT * FROM `admin` WHERE `user`='$username' AND `password`='$password'");
$rows = mysqli_num_rows($query);
if ($rows>=1) {
session_start();
$_SESSION['login_user']=$username;
header("location: profile.php");
} else {
echo 'Username or Password is invalid';
}
}
?>
</div>
</form>
</div>
</body>
</html>