Ima li ko ideju kako da sredim ovaj login?
Code:
if(isset($_POST['submit']))
{
$username = mysqli_real_escape_string($con, $_POST['username']);
$password = mysqli_real_escape_string($con, $_POST['password']);
$query = "SELECT * FROM `users` WHERE username='$username' and password='$password'";
$result = mysqli_query($con, $query) or die(mysqli_error($con));
//$count = mysqli_num_rows($result);
$row = mysqli_fetch_assoc($result);
if (!empty($row))
{
if(password_verify($password, $row['password']))
{
$_SESSION['id'] = $username;
$ip = $_SERVER["REMOTE_ADDR"];
$q = "UPDATE users SET ip='$ip' WHERE username='$username'";
mysqli_query($con, $q);
header('Location: index.php');
}
else
{
echo '<script language = "javascript">';
echo "alert('Invalid Password.');window.location.href='login.php'";
echo '</script>';
}
}
else
{
echo '<script language = "javascript">';
echo "alert('Something went wrong, Enter real data.');window.location.href='login.php'";
echo '</script>';
}
}
if(isset($_POST['submit']))
{
$username = mysqli_real_escape_string($con, $_POST['username']);
$password = mysqli_real_escape_string($con, $_POST['password']);
$query = "SELECT * FROM `users` WHERE username='$username' and password='$password'";
$result = mysqli_query($con, $query) or die(mysqli_error($con));
//$count = mysqli_num_rows($result);
$row = mysqli_fetch_assoc($result);
if (!empty($row))
{
if(password_verify($password, $row['password']))
{
$_SESSION['id'] = $username;
$ip = $_SERVER["REMOTE_ADDR"];
$q = "UPDATE users SET ip='$ip' WHERE username='$username'";
mysqli_query($con, $q);
header('Location: index.php');
}
else
{
echo '<script language = "javascript">';
echo "alert('Invalid Password.');window.location.href='login.php'";
echo '</script>';
}
}
else
{
echo '<script language = "javascript">';
echo "alert('Something went wrong, Enter real data.');window.location.href='login.php'";
echo '</script>';
}
}