<?php $username = $_POST['nick']; $password = $_POST['pw']; $usernam

1. <?php          
2.         $username = $_POST['nick'];
3.         $password = $_POST['pw'];
4.         $username = str_replace("'","",$username);
5.         $username = str_replace("<","",$username);
6.         $password = str_replace("<","",$password);
7.         $password = str_replace("'","",$password);
8.         $vrati = md5($password);
9.         if($_POST['login']){
10.         $isto = mysql_query("SELECT * FROM slusaoci WHERE username='$username' and password='$password'");
11.         if(mysql_num_rows($isto) == 1){
12.        
13.         if(isset($_POST['remember'])){
14.         setcookie("username",$username,time()+60*60*24*100);
15.         setcookie("password",$password,time()+60*60*24*100);
16.         echo "<script>window.location=\"index.php\"</script>";
17.         } else {
18.         setcookie("username",$username,false);
19.         setcookie("password",$password,false);
20.         echo "<script>window.location=\"index.php\"</script>";
21.         }
22.         $ip2 = getenv('REMOTE_ADDR');
23.         mysql_query("UPDATE slusaoci SET ip='$ip2' WHERE username='$username'");
24.         } else {
25.         echo "<center><p style='color:red;font-size:12px;'>Netacan username ili password</p></center>";
26.         } }?>