1. Changing the database adapter (recommended)
You should use PDO or Mysqli instead of mysql.
2. Handling of $_POST content (recommended)
Never pass magical request variables ($_POST, $_GET, etc.) along without properly sanitizing them. You are doing this:
[...]
$nome = $_POST['nome'];
$password = $_POST['password'];
[...]
When I speak of sanitizing, I mean its literal meaning:
n. The act or effect of sanitizing.
(Etym. sanitize + -ation)
And sanitize, in turn:
v.t. To make clean; to become clean: sanitize toilets. To stop being sick; to become healthy or hygienic.
(Etym. hygiene + -ize)
Your magical request variables are not healthy, because they can carry all kinds of mischief that can harm your application as a whole; this ranges from SQL injection to malicious characters that your application is not prepared to handle, which may be spaces or even something more exotic.
3. Problem in the query
The following code fragment is not correct:
[...]
$db = mysql_query("SELECT * FROM 'users' WHERE nome = '$nome' and password = '$password' ") or die(mysql_error());
[...]
The use of single quotes on database variables is incorrect. Instead, you can use the entirely optional "`", which leaves it like this:
[...]
$db = mysql_query("SELECT * FROM `users` WHERE nome = '$nome' and password = '$password' ") or die(mysql_error());
[...]
4. Problem in the session registration condition
You have the following fragment:
[...]
if($num_row < 1){
[...]
The problem there is in your condition. That is to say, if your database query returns fewer than one result, i.e. "0" valid logins, you will register a session?
We then replace it with the following:
[...]
if($num_row == 1) {
[...]
Why == 1?
If the number of rows returned is greater than one, it means that we have more than one result, which can't be right, because then either we have a query problem or two identical (or almost identical) records in the database.
If the number of rows is equal to one, the margin of error is almost zero. Therefore, keep this option, which is the most suitable for your case.
To start, mysql_* does not work in the latest versions of PHP, you can use Mysqli or PDO
– braulio_holtz
@braulio_holtz Do you know which version of PHP it uses? Do you know if the error is in the database driver?
– Guilherme Oderdenge
I don’t know where the error is, it doesn’t execute the code
– Barofscas
The last echo... hmm... you mean the "Login failed"?
– Guilherme Oderdenge
what appears to me in the browser is this loginsuccessufully()</script>"; } Else{ echo"Login failed"; echo" <script> loginfalhou() </script>"; } ?>
– Barofscas
@thingy Create a PHP file with the code <?php phpinfo(); then run it and send the result, PHP version, something like that
– braulio_holtz
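The answer's four points combined into one login check, as an added example that is not code from the question, the answer or the comments: PDO with a bound parameter in place of mysql_query() with interpolated $_POST values, input validated before use, and the "exactly one row" condition. The function name check_login, the in-memory SQLite database, the sample user and the assumption that the `password` column holds password_hash() output are all constructed for illustration (PHP 8+).

```php
<?php
declare(strict_types=1);

// Added example. Assumes `nome` is unique and `password` stores
// password_hash() output rather than the plain-text password.
function check_login(PDO $pdo, mixed $nome, mixed $password): bool
{
    // Request fields can arrive as arrays (nome[]=x); accept strings only.
    if (!is_string($nome) || !is_string($password)) {
        return false;
    }
    $nome = trim($nome);
    if ($nome === '' || strlen($nome) > 64 || $password === '') {
        return false;
    }

    // The placeholder keeps user input out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT password FROM users WHERE nome = :nome');
    $stmt->execute([':nome' => $nome]);
    $rows = $stmt->fetchAll(PDO::FETCH_COLUMN);

    // Exactly one matching row, as in point 4; zero or several both fail.
    if (count($rows) !== 1) {
        return false;
    }
    return password_verify($password, (string) $rows[0]);
}

// Constructed demo data in an in-memory SQLite database so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (nome TEXT UNIQUE, password TEXT)');
$pdo->prepare('INSERT INTO users (nome, password) VALUES (?, ?)')
    ->execute(['maria', password_hash('correct horse', PASSWORD_DEFAULT)]);

// In the login page the call would be:
//   check_login($pdo, $_POST['nome'] ?? null, $_POST['password'] ?? null)
var_dump(check_login($pdo, 'maria', 'correct horse'));     // valid credentials
var_dump(check_login($pdo, 'maria', 'wrong'));             // wrong password
var_dump(check_login($pdo, "' OR '1'='1", "' OR '1'='1")); // quote characters as input
var_dump(check_login($pdo, ['maria'], 'correct horse'));   // array instead of string
```

Only the first call returns true; the input containing quotes is looked up as a literal name and matches no row.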