need help for my php login script using md5

[jonasgalileo]

I tried to put an md5 encryption to retrieve the password but still, i cant access the member page or the targeted page. pls help.. what is the correct query for the script that I made. :'(

 

<?php

//Start session

session_start();

 

//Connect to mysql server

$link=mysql_connect("localhost","root");

if(!$link) {

die('Failed to connect to server: ' . mysql_error());

}

//Select database

$db=mysql_select_db("lcadvance");

if(!$db) {

die("Unable to select database");

}

 

//Sanitize the value received from login field

//to prevent SQL Injection

if(!get_magic_quotes_gpc()) {

$login =mysql_real_escape_string($_POST['login']);

}else {

$login =$_POST['login'];

}

 

//Create query

 

$qry="SELECT admin_id FROM authorzied_users WHERE username ='$login' AND passwd  ='".md5($_POST['password'])."'";

$result=mysql_query($qry);

//Check whether the query was successful or not

if($result) {

if(mysql_num_rows($result)>0) {

//Login Successful

session_regenerate_id();

$member=mysql_fetch_assoc($result);

$_SESSION['SESS_MEMBER_ID']=$member['admin_id'];

session_write_close();

header("location: member-index.php");

exit();

}else {

//Login failed

header("location: login-failed.php");

exit();

}

}else {

die("Query failed");

}

 

 

?>

 

 

but this is the output..

Login Failed

Login Failed!

Please check your username and password

[Jabop]

You escaped the password hash properly, but you need to escape the username properly.

 

$qry="SELECT admin_id FROM authorzied_users WHERE username ='".$login."' AND passwd  ='".md5($_POST['password'])."'";

[jonasgalileo]

$qry="SELECT admin_id FROM authorzied_users WHERE username ='".$login."' AND passwd  ='".md5($_POST['password'])."'";

 

 

Login Failed!

Please check your username and password

 

i still get the same output..