Userlogin error

pinehead18

$db = mysql_select_db("pinehead", $con) or die(mysql_error());
$sql = "SELECT * FROM users where uname='$uname' and pass='$pass'";
$result = mysql_query($sql);
$row = mysql_fetch_array($result);

    if ($row["Total"]=="0") {
    echo "can't let yo login";
    } else {
    setcookie ("user", $uname, time()+604800);
    echo "you are now logged in";
    }

}

I seem to get your are now logged in even if i don't set the right user and pass.

Any suggestions?

Frederick

You need to add a check function

if ($row["uname"] == $uname && $row["pass"] == $pass) {
    setCookie ('user', $uname, time()+(604800), '/', '', 0); 
    echo "you are now logged in";
} else {
    echo "Incorect login";
}

pinehead18

So should i take out this part..

if ($row["Total"]=="0") and replace it with the new if check function?

pinehead18

    $db = mysql_select_db("pinehead", $con) or die(mysql_error());
        $sql = "SELECT * FROM users where uname='$uname' and pass='$pass'";
        $result =  mysql_query($sql);
        $row =  mysql_fetch_array($result);

    if ($row["uname"] == $uname && $row["pass"] ==
$pass) {
        setcookie ("user", $uname, time()+604800);
        echo "you are now logged in";
        } else {
        echo "Incorrect login";
}

This is my new code yet it still does the same thing.. Even though the username and password is wrong it says "you are now logged in"

Thank you again for all your help.