I created a login form with the following code:
Login.html:
<form action="login.php" method="post">
<input type="hidden" name="id" value=''>
Usuário<input type="text" name="usuario" id="usuario" >
Senha<input type="password" name="senha" id="senha">
<input type="submit" name="entrar" id="entrar" value="Entrar">
</form>
The php code:
Login.php:
<?php
//inclui arquivo com conexao ao banco
include_once('db.php');
$usuario = mysql_real_escape_string($_POST['usuario']);
$senha = md5(mysql_real_escape_string(($_POST['senha'])));
$entrar = $_POST['entrar'];
if ($_POST['entrar']) {
$sql = "SELECT * FROM login WHERE usuario='$usuario' AND senha='$senha'" or die("erro ao selecionar");
$acao_sql = $mysqli->query($sql);
if ($acao_sql=mysqli_num_rows($sql)>=0){
setcookie("usuario",$usuario);
header("Location:painel.php");
}else{
echo"<script language='javascript' type='text/javascript'>alert('Login e/ou senha incorretos');window.location.href='login.html';</script>";
die();
}
}
?>
The problem is that whatever password and user I put, it enters the system (pane.php).