[RESOLVED] Login Null rejection..

IceRegent

I have a login script which works correctly except for the instance when both username and password are blank. If either have a blank and the other not, it works, if both are correct it works, if one is not correct it works, but if both are blank, it passers the user on anyway. Here is the script:

<?php
// set-up database connection
include "db_config.php";
mysql_select_db(iceregen_MStudio);
session_start();
$message="Invalid Login - Please try again";
//session_register(LoginName)

// check for propper login from users table
$redirectLoginSuccess = "MStudioMain.php";
$redirectLoginUnSuccess = "index.php?$message";
$_SESSION['Valid'] = false;
if ($LoginName == null or $pword == null)
 {
session_unset();
header("Location: " . $redirectLoginUnSuccess );
} 
$query  = "SELECT  UserID, UserName, password FROM users";
$result = mysql_query($query);

while($row = mysql_fetch_array($result, MYSQL_ASSOC))
{

if ($row['UserName'] == $LoginName AND $row['password'] == $pword)
{
$_SESSION['YourName'] = $row['UserName'];
$_SESSION['Unumber'] = $row['UserID'];
$_SESSION['Valid'] = true;
mysql_close();
header("Location: " . $redirectLoginSuccess );
break;
    }
//echo 'Invalid UserName and/or Password';

session_unset();
header("Location: " . $redirectLoginUnSuccess );
} 

mysql_close();
?>

I dont know why this is happenning. Can anyone see where my blind eyes cannot?

thanks
Ice

bogu

That's a verry bad login, think when u have 1mil users in database ...

Lots of problems in there, I think u should change the script ...

U select all the users and then check if one of them is the user that try to login, not good ...

U can make it simplier, but I'm to tired to explain u right now, I sugest u to find one login script on the net ...

IceRegent

Unfortunately, that wasnt an answer.