I need to confirm if is email and password correct , but it work with any password I enter. What's the problem? Here is the code:
<?php
if(isset($_POST['submit'])){
$email = mysql_real_escape_string($_POST['email']);
$pass = $_POST['password'];
$hash = hash("sha512", $pass);
$hash1 = hash("whirpool", $hash);
$hash2 = hash("sha384", $hash1);
$password = $hash2;
$query=mysql_query("SELECT * FROM register WHERE email='$email' AND password='$password'") or die(mysql_error());
$count=mysql_num_rows($query);
if($count==1){
while ($row=mysql_fetch_array($query)) {
$username=$row['username'];
$heslo=$row['password'];
$_SESSION['valid'] = $username;
if(isset($_SESSION['valid'])){
$realtime = date("d-m-Y h:i:s");
$session = $_SESSION['valid'];
echo "<script> window.location.replace('index.php');
</script>";
header("Location: index.php");
}else{
echo "Přihlášení neproběhlo správně";
}
}
}
}
?>