Problem with an autentification and form

[adicrst]

I want to create a form that will insert some news in a database, but to be restricted only to the owner that his username and pass are saved in the db, i made a small autentification.

 

I have 2 files, autentificare.php and stiri.php

 

-the fileautentificare.php has the purpouse to verify if the dates filled in the log in form are the same with the dates in the db

-if the autentification is not made, the user is sent to the stiri.php page but a warning that sais he's not allowed is apearing. If the autentification is made corectly then he is sent to the stiri.php page again but a form for the news is showing on the page

 

What it doesn't work is that the news are not inserted in the database..

 

i have 2 tables:

DATE: id | user | pass| cod

STIRI: id | titlu | continut | data

 

here are the files

 

 

autentificare.php

 

<?php 
$con = mysql_connect("localhost","root","");
if (!$con)
  {
  	die ("Conectare esuata!".mysql_error());
  }

mysql_select_db("pink_maindb",$con);

$cod_generat = rand(0,9999);

  	mysql_query("UPDATE date SET cod='$cod_generat' WHERE id='1' ");

?>

<html>
<body>
<form action="stiri.php" method="post">
	User: <input type="text" name="user"><br>
	Pass: <input type="password" name="pass"><br>
	Cod: <input type="text" name="cod" size="5" maxlength="4"> <?php echo "<b> $cod_generat </b><< Introduceti codul afisat !"; ?><br><br>
	<input type="submit" value="trimite">
</form>
</body>
</html>

 

 

and stiri.php

 

<?php 
$con = mysql_connect("localhost","root","");
if (!$con)
  {
  	die ("Conectare esuata!".mysql_error());
  }

mysql_select_db("pink_maindb",$con);

$select = mysql_query("SELECT user,pass,cod FROM date where ID=1"); 
while ($row=mysql_fetch_array($select))
  {
  	$usere = $row['user']; //usere este userul existent in db
$passe = $row['pass']; //passe este parola existenta in db
$code = $row['cod']; //code este codul existent in db
  }

if (($usere == $_POST['user']) && ($passe == $_POST['pass']) && ($code == $_POST['cod']))
  {
  	echo "<Bine ai venit <b>".$_POST['user']."</b>";
echo "Completati urmatorul formular pentru a afisa o stire noua pe site<br><br>
       <form action='' method='post'>
	   Titlu: <input type='text' name='titlu'><br>
	   Continut: <textarea rows='15' cols='40' name='continut'></textarea><br> 
	   <input type='submit' value='trimite'>
	   
	   </form>";
$data = date("Y-m-d");	   
mysql_query("INSERT INTO stiri(titlu,continut,data) VALUES('$_POST[titlu]','$_POST[continut]','$data')");
  }
else
  echo "Datele furnizate nu sunt corecte !";  

?>
<a href="autentificare.php">BACK</a>

 

 

this part doesn't work because there isn't anything inserted in the db,beside the DATE

 

if (($usere == $_POST['user']) && ($passe == $_POST['pass']) && ($code == $_POST['cod']))
  {
  	echo "<Bine ai venit <b>".$_POST['user']."</b>";
echo "Completati urmatorul formular pentru a afisa o stire noua pe site<br><br>
       <form action='trimis.php' method='post'>
	   Titlu: <input type='text' name='titlu'><br>
	   Continut: <textarea rows='15' cols='40' name='continut'></textarea><br> 
	   <input type='submit' value='trimite'>
	   
	   </form>";
$data = date("Y-m-d");	   
mysql_query("INSERT INTO stiri(titlu,continut,data) VALUES('$_POST[titlu]','$_POST[continut]','$data')");
  }

 

 

how can i corect it ?