"incorrect password" error when password is Correct!! Help

mannyguy

HI. I keep getting an error when logging in telling me my password is incorrect when it is not. I already have a register page set up that works just fine. Help please.

<?php
//connects to database
mysql_connect("useraccounts2011.db.8420540.hostedresource.com", "myusername", my password") or die(mysql_error());
mysql_select_db("useraccounts2011") or die (mysql_error());

//checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))

//if there is, it logs in and directs to members page
{
$username = $COOKIE['ID_my_site'];
$userpassword = $COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")
or die(mysql_error());

while($info = mysql_fetch_array( $check ))
{
	if ($pass != $info['userpassword'])
		{
		}
	else
		{
		header(" testing_login.php");
		}
}

}
//if the log in form is submitted
if (isset($_POST['loginsubmit'])) { //if form has been submitted

//makes sure forms is filled in
if(!$POST['username'] | !$POST['userpassword']) {
die('You did not fill in required fields.');
}

//checks against database
if (!get_magic_quotes_gpc()) {
$POST['username'] = addslashes($POST['username']);
}

$check = mysql_query("SELECT * FROM users WHERE username = 
'".$_POST['username']."'")or die(mysql_error());

//gives error if user doesn't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('Username does not exist. <a href="spartacu_joinsite.php">Register Here</a>');
}
while($info = mysql_fetch_array( $check))
{
$POST['userpassword'] = stripslashes($POST['userpassword']);
$info['password'] = stripslashes($info['password']);
$POST['userpassword'] = md5($POST['userpassword']);

//gives error if the password is wrong
if ($_POST['userpassword'] != $info['password']) {
die('Incorrect password, please try again.');
}
else
{

//keeps username in form after 'Incorrect password' error
$SESSION['username'] = $POST['username'];

//if log in is ok we add a cookie
$POST['username'] = stripslashes($POST['username']);
$hour = time() + 3600;

setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['userpassword'], $hour);

//then redirect to members area

header("testing_login.php");
}
}
}
else
{
//if they are not logged in
?>

mannyguy

My appologies. I thought my first post didn't go thru. Sorry. This thread can be deleted/locked.