Hi everyone, I am giving a shot at a typical login script, which plucks usernames, passwords, and access levels from 2 databases. The passwords database uses md5 encryption, I havn't much of a clue what I am doing with that though. My real problem, if thats not it, lies with the verification. I try to log in using a real account/password, and a fake account/password, and it simply reloads the form without displaying any of the 'else' statements. Any help would be appreciated. Script is 'supposed' to function like this; -> Collect form information. -> Connects to database. -> Sets $db_user as ID(TINYINT(6)) from database Users. -> Sets $db_pass as Password(MD5(32)) from database Passwords. -> Converts the $db_pass(Password from FORM) to MD5 hash. -> Checks if password(MD5) from FORM matches password(MD5) from database. -> -> If match get access level from Users & set some cookies. -> -> If failed kick their asses ;) -> Checks if access level matches either 1, 2, or 3 and displays relative info. Areas of concern for me are MD5, $GLOBALS, and PHP_SELF. (Are those correct?) <? if ($submit) { $db = mysql_connect("localhost", "dbname", "dbpassword"); mysql_select_db("mydb", $db); $db_user = " SELECT ID FROM dbusers WHERE UserName = '$username'"; $db_pass = " SELECT Password FROM dbpasswords WHERE ID = '$db_user'"; $db_pass_temp = MD5('$db_pass'); if ($password == $db_pass_temp) { $db_access = " SELECT Access FROM dbusers WHERE ID = '$db_user'"; setcookie('user', $_POST['$db_user'], (time() +2592000), '/', '', 0); setcookie('access', $_POST['$db_access'], (time() +2592000), '/', '', 0); } else { echo "Password specified was incorrect."; } if ($db_access == "1") { echo "You are logged in as an Administrator.<BR> <A href='next.php'>Click here for options.</A>"; } elseif ($db_access == "2") { echo "You are logged in as a Power User.<BR> <A href='next.php'>Click here for options.</A>"; } elseif ($db_access == "3") { echo "Welcome to this place, you are logged in.<BR> <A href='next.php'>Click here for options.</A>"; } } ?> <FORM method="POST" action="<? echo $GLOBALS ['PHP_SELF'];?>"> Name:<INPUT type="text" name="username" selected><BR> Password:<INPUT type="password" name="password"><BR> <INPUT type="submit" name="submit" value="Login"> </FORM> Hartleigh Burton www.channel-x.org -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php