I have a problem with a login, and there is not a single error in my log.
I'm tired of looking for the mistake.
Look at my code and tell me if you see anything bad.
Here is login.php:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>
<body>
<?php
error_reporting(E_ALL | E_STRICT);
ini_set("display_errors", 0);
ini_set("log_errors", 1);
ini_set("error_log", "logovi.log");
session_start();
if (isset($_POST['ime'])&&isset($_POST['pas']))
{
// without sql injection
//$ime = $_POST['ime'];
//$pasvord = $_POST['pas'];
// for sql injection
$ime = mysql_real_escape_string($_POST['ime']);
define('skrembl', '48762497&*%$#(%$1');
$pasvord = md5(skrembl . $_POST['pas']);
include "konekcija.php";
$sql="SELECT k.*, u.* FROM korisnik k JOIN uloga u ON k.UlogaID = u.UlogaID WHERE KorisnickoIme = '".$ime."' AND Lozinka = '".$pasvord."'";
$q = mysql_query($sql);
if (mysql_num_rows($q)==1)
{
$_SESSION['ime'] = $_POST['ime'];
$red=mysql_fetch_array($q);
$_SESSION['korisnickoIme'] =$red["Ime"];
$_SESSION['prezime'] =$red["Prezime"];
$_SESSION['telefon'] =$red["Telefon"];
$_SESSION['email'] =$red["Mail"];
if($red["NazivUloge"] == "Administrator")
header('Location: admin.php');
else
header('Location: prva.php');
}
else
{
header('Location: MojNalog.php');
}
}
else
{
// If the POST parameters were not passed
echo "Nisu prosledeni parametri!";
}
mysql_close($db);
?>
</body>
</html>
And here is my connection to the database, konekcija.php (I use this database for many other functions, and I think that the file works properly):
<?php
$mysql_server = "localhost";
$mysql_user = "root";
$mysql_password = "";
$mysql_db = "nekretnine";
if (!$db=mysql_connect($mysql_server, $mysql_user, $mysql_password)) {
die ("<p>Spajanje na mysql server je bilo neuspešno</p>");
}
if (!mysql_select_db($mysql_db, $db))
{
die ("<p>Greška pri odabiru baze</p>");
} else {
mysql_query("SET NAMES utf8");
mysql_query("SET CHARACTER SET utf8");
mysql_query("SET COLLATION_CONNECTION='utf8_unicode_ci'");
}
?>
And the code where the username and password are entered is in the file MojNalog.php:
<form method="post" action="login.php">
<div class="contact_form">
<?php
// Shown if the user succeeded in logging in
if (isset($_SESSION['korisnickoIme']))
{
print "<div class=\"form_row\">
<label class=\"contact\"><strong>Vasi Podaci</strong></label><p></p>
<label class=\"contact\"><strong>Ime: </strong></label>
<label class=\"contact\"><strong>".$_SESSION['korisnickoIme']."</strong></label>
</div>
<div class=\"form_row\">
<label class=\"contact\"><strong>Prezime: </strong></label>
<label class=\"contact\"><strong>".$_SESSION['prezime']."</strong></label>
</div>
<div class=\"form_row\">
<label class=\"contact\"><strong>Korisnicko ime: </strong></label>
<label class=\"contact\"><strong>".$_SESSION['ime']."</strong></label>
</div>
<div class=\"form_row\">
<label class=\"contact\"><strong>Telefon: </strong></label>
<label class=\"contact\"><strong>".$_SESSION['telefon']."</strong></label>
</div>
<div class=\"form_row\">
<label class=\"contact\"><strong>Email: </strong></label>
<label class=\"contact\"><strong>".$_SESSION['email']."</strong></label>
</div>
";
}
else
{
// LOGIN FORM
print "<div class=\"form_row\">
<label class=\"contact\"><strong>Unesite korisničko ime:</strong></label>
<input type=\"text\" class=\"contact_input\" name = \"ime\"/>
</div>
<div class=\"form_row\">
<label class=\"contact\"><strong>Unesite šifru:</strong></label>
<input type=\"password\" class=\"contact_input\" name=\"pas\"/>
</div>
<div class=\"form_row\">
<input type=\"submit\" class=\"contact\" value= \"Log In\"/>
</div> ";
}
?>
</div>
</form>
Please help, I don't see any mistake.
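
An added example, not part of the original post: a hardened form of the login.php flow above, using a PDO prepared statement and password_verify(), with session_start() and header() called before any output is sent. Table, column and file names come from the post; the database account, the DB_PASS environment variable, the 'uloga' session key and the assumption that Lozinka holds a password_hash() value are hypothetical.

```php
<?php
// Added example. Nothing (no DOCTYPE, no whitespace) may precede this tag,
// otherwise session_start() and header() can no longer send headers.
session_start();

if (!isset($_POST['ime'], $_POST['pas'])
    || !is_string($_POST['ime']) || !is_string($_POST['pas'])) {
    header('Location: MojNalog.php');
    exit;
}

// Assumption: a dedicated low-privilege account whose password comes from
// the environment, instead of root with an empty password.
$pdo = new PDO(
    'mysql:host=localhost;dbname=nekretnine;charset=utf8mb4',
    'app_user',                    // hypothetical account name
    getenv('DB_PASS') ?: '',       // hypothetical environment variable
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // failures are thrown, not silent
        PDO::ATTR_EMULATE_PREPARES => false,                  // real server-side prepares
    ]
);

// The username is bound as a parameter and never becomes part of the SQL text.
$stmt = $pdo->prepare(
    'SELECT k.*, u.* FROM korisnik k JOIN uloga u ON k.UlogaID = u.UlogaID
      WHERE KorisnickoIme = :ime'
);
$stmt->execute([':ime' => $_POST['ime']]);
$red = $stmt->fetch(PDO::FETCH_ASSOC);

// Assumption: Lozinka was stored with password_hash(), which salts per user.
// The hash is compared in PHP, not inside the WHERE clause.
if ($red === false || !password_verify($_POST['pas'], $red['Lozinka'])) {
    header('Location: MojNalog.php');
    exit;
}

session_regenerate_id(true);       // fresh session id after login (session fixation)
$_SESSION['ime']           = $red['KorisnickoIme'];
$_SESSION['korisnickoIme'] = $red['Ime'];
$_SESSION['prezime']       = $red['Prezime'];
$_SESSION['telefon']       = $red['Telefon'];
$_SESSION['email']         = $red['Mail'];
$_SESSION['uloga']         = $red['NazivUloge']; // hypothetical key for admin.php to check

header('Location: ' . ($red['NazivUloge'] === 'Administrator' ? 'admin.php' : 'prva.php'));
exit;                              // stop here so nothing runs after the redirect
```

MojNalog.php needs its own session_start() before any output for the $_SESSION check to see these values, and each value it prints should pass through htmlspecialchars().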