
So, I have the following code:

    <?php
    mysql_connect("HOSTADDRESS", "USERNAME", "PASS") or die(mysql_error());
    mysql_select_db("DATABASENAME") or die(mysql_error());

    //Checks if there is a login cookie;
    if(isset($_COOKIE["ID_my_site"]))
    //If there is, it logs you in and directs you to the member page
    {
        $username = $_COOKIE["ID_my_site"];
        $pass = $_COOKIE["ID_my_site"];
        $check = mysql_query("SELECT * FROM userdata WHERE emailaddress = '$emailaddress'") or die(mysql_error());
        while($info = mysql_fetch_array( $check ))
        {
            if ($pass != $info["password"])
            {
            }
            else
            {
                header("Location: members.php");
            }
        }
    }

    //If the login form is submitted;
    if (isset($_POST["submit"])) { //If form has been submitted
        //Makes sure they are filled in
        if(!$_POST["emailaddress"] | !$_POST["pass"]) {
            die("You did not fill in all required fields.");
        }
        //Checks it against the database;
        if (!get_magic_quotes_gpc()) {
            $_POST["email"] = addslashes($_POST["email"]);
        }
        $check = mysql_query("SELECT * FROM userdata WHERE emailaddress = '".$_POST["emailaddress"]."'") or die(mysql_error());
        //Gives error if user doesn't exist;
        $check2 = mysql_num_rows($check);
        if ($check2 == 0) {
            die("That users does not exist in our database. <a href=register.php>Click here to register</a>");
        }
        while($info = mysql_fetch_array( $check ))
        {
            $_POST["pass"] = stripslashes($_POST["pass"]);
            $info["password"] = stripslashes($info["password"]);
            $_POST["pass"] = md5($_POST["pass"]);
            //Gives error if the password is wrong
            if ($_POST["pass"] != $info["password"]) {
                die("Incorrect password, please try again.");
            }
            else
            {
                //If login is ok then we add a cookie
                $_POST["emailaddress"] = stripslashes($_POST["emailaddress"]);
                $hour = time() + 3600;
                setcookie(ID_my_site, $_POST["emailaddress"], $hour);
                setcookie(Key_my_site, $_POST["pass"], $hour);
                //Then it redirects them to the members area
                header("Location: members.php");
            }
        }
    }
    else
    {
        //If they are not logged in
        ?>
        <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
        <table border="0">
        <tr><td colspan=2><h1>Login</h1></td></tr>
        <tr><td>Email Address:</td><td>
        <input type="text" name="emailaddress" maxlength="60">
        </td></tr>
        <tr><td>Password:</td><td>
        <input type="password" name="pass" maxlength="12">
        </td></tr>
        <tr><td colspan="2" align="right">
        <input type="submit" name="submit" value="Login">
        </td></tr>
        </table>
        </form>
        <?php
    }
    ?>

When I try to log in via the website, even though the password is identical to the password in the database, it reads 'Incorrect password, please try again.' If I try the password with the encrypted version found in the database, it also shows this message. Please could someone help me with this bug?

Wajahat
Ryan Castle
  • Paste your code in your question, not on a horrible ad-infested external site. – Wooble Feb 28 '14 at 21:33
  • **Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Feb 28 '14 at 21:37
  • You are using [an unsuitable hashing algorithm](http://php.net/manual/en/faq.passwords.php) and need to [take better care](https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet) of your users' passwords. – Quentin Feb 28 '14 at 21:37
  • You are using stripslashes on the md5 stored password and comparing it with the stripslashes POST. – Mihai Feb 28 '14 at 22:21

1 Answer

-1

    if(!$_POST["emailaddress"] | !$_POST["pass"]) {

Use ||, so it will be:

    if(!$_POST["emailaddress"] || !$_POST["pass"]) {

Robert
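As an added example (not code from the question or the answer), here is the same login rebuilt along the lines Quentin's and Mihai's comments and the answer point to: a PDO prepared statement instead of a string-built mysql_query(), password_verify() against a password_hash() value instead of md5() and stripslashes(), and a server-side session instead of cookies carrying the email and the hash. It assumes a userdata table with an id column and a password column holding password_hash() output; host, database name and credentials are placeholders.

```php
<?php
// Added example (not the asker's code): the same login flow rebuilt as the
// comments recommend: PDO prepared statements instead of a string-built
// mysql_query(), password_hash()/password_verify() instead of md5(), and a
// server-side session instead of cookies holding the email and the hash.
// Assumed schema: table userdata(id, emailaddress, password), where password
// holds a password_hash() value. Host/db/credentials are placeholders.
declare(strict_types=1);
session_start();
$pdo = new PDO(
    'mysql:host=HOSTADDRESS;dbname=DATABASENAME;charset=utf8mb4', 'USERNAME', 'PASS',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]
);

// Returns the user's id on success, null on any failure (one generic answer
// for "no such user" and "wrong password", so the form does not confirm emails).
function authenticate(PDO $pdo, string $email, string $pass): ?int
{
    // Bound placeholder: the email never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT id, password FROM userdata WHERE emailaddress = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() reads salt and cost from the stored hash and compares
    // in constant time; no stripslashes()/md5() juggling is needed.
    if ($row === false || !password_verify($pass, $row['password'])) {
        return null;
    }
    return (int) $row['id'];
}

if (isset($_SESSION['user_id'])) {
    header('Location: members.php');
    exit;                            // header() alone does not stop the script
}

if (isset($_POST['submit'])) {
    $email = $_POST['emailaddress'] ?? '';
    $pass  = $_POST['pass'] ?? '';
    // Logical OR (||), not bitwise OR (|), as the answer points out.
    if ($email === '' || $pass === '') {
        die('You did not fill in all required fields.');
    }
    $userId = authenticate($pdo, $email, $pass);
    if ($userId === null) {
        die('Incorrect email address or password.');
    }
    session_regenerate_id(true);     // new session id at login (fixation defence)
    $_SESSION['user_id'] = $userId;
    header('Location: members.php');
    exit;
}
```

At registration the stored value would be produced with password_hash($pass, PASSWORD_DEFAULT), which is what makes password_verify() succeed here.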