Login Checking Error

[shebbycs]

<?php
    session_start();
    mysql_connect("localhost","root") or die(mysql_error());
    mysql_select_db("cute") or die(mysql_error());
    $username = $_POST['username'];
    $_POST['pass'] = md5($_POST['pass']);
    $password = $_POST['pass'];
    if (isset($_POST["submit"]))
    {
     $log1 = "SELECT * FROM regis WHERE username = '$username'";
     $login1 = mysql_query($log1);
     $log2 = "SELECT * FROM regis WHERE password = '$password'";
     $login2 = mysql_query($log2);
     $log3 = "SELECT * FROM regis WHERE username = '$username' AND password = '$password'";
     $login3 = mysql_query($log3);
     $row = mysql_fetch_array($login3);
     $number = mysql_num_rows($login3);

     if($login1==FALSE)
     {
       echo("<SCRIPT LANGUAGE='JavaScript'>window.alert('This.$username.is not available.')</SCRIPT>");
     }
     if($login2==FALSE)
     {
       echo("<SCRIPT LANGUAGE='JavaScript'>window.alert('This.$password.is incorrect.')</SCRIPT>");
     }
     if ($number == 0)
     {
      print "This user does not exist in our database. <a href=registration.php><input type='button' value='Register'></a>";
     }
     if ($number > 0)
     {
        $_SESSION['username'] = $row['username'];
        $_SESSION['password'] = $row['password'];
        $_SESSION['userlevel'] = $row['userlevel'];
        $_SESSION['is_logged_in'] = 1;


        if($_SESSION['userlevel']==1)
       {
         $_SESSION['is_logged_in'] = 1;
         header("Location: form2.php");
       }
        else if($_SESSION['userlevel']== 0)
       {
         $_SESSION['is_logged_in'] = 1;
         header("Location: form3.php");
       }
       }

    }

    else
    {


?>
<html>
<head>
<script type="text/javascript">
function a()
{
   var x = document.login.username.value;
   var y = document.login.pass.value;

   if(x==""&& y=="")
   {
    alert("Please insert all message!");
    return false;
   }
   if(x=="")
   {
     alert("Please insert an username!");
     return false;
   }
   if(y=="")
   {
     alert("Please insert an password!");
     return false;
   }
}
</script>
</head>



<body>
<center>
<table border="0" align="center">
<form name="login" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" onsubmit="return a()">
<tr><td colspan=2><center><h1>Login</h1></center></td></tr>
<tr><td>Username:<input type="text" name="username" maxlength="40"></td></tr>
<tr><td>Password:<input type="password" name="pass" maxlength="50"></td></tr>
<tr align=center><td><input type="button" value="Register" ONCLICK="window.location.href='registration.php'"></a>
<input type="submit" name="submit" value="Login"></td>

</tr>
</form>
</center>
</body>
<?php

  }



?>

 

this is login code as im want it show the error if i put any username or password error but instead it will directly show this error  "if ($number == 0)

    {

      print "This user does not exist in our database. <a href=registration.php><input type='button' value='Register'></a>";

    }

"

but im want to show this    if($login1==FALSE)

    {

      echo("<SCRIPT LANGUAGE='JavaScript'>window.alert('This.$username.is not available.')</SCRIPT>");

    }

    if($login2==FALSE)

    {

      echo("<SCRIPT LANGUAGE='JavaScript'>window.alert('This.$password.is incorrect.')</SCRIPT>");

    }

 

error first.

 

may i know which code or if statement im put wrong

[Muddy_Funster]

you should never SELECT * from a user information table.  You should never SELECT password information from a user information table.  you should never store password information in plain text format.

 

That said, try doing a print_r($login1) and see what you get, It's not what you think it is.