Could someone please take a look at this script and figure out why it isn't working.It denies access even to registered users.
/* get the incoming ID and password hash */
$user = $_POST["userid"];
$pass = sha1($_POST["password"]);
/* establish a connection with the database */
$server = mysql_connect("localhost", "ydmmtbz_ydmmtbz",
if (!$server) die(mysql_error());
/* SQL statement to query the database */
$query = "SELECT * FROM Users WHERE Userid = '$user'
AND Password = '$pass'";
/* query the database */
$result = mysql_query($query);
/* Allow access if a matching record was found, else deny access. */
echo "Access granted.Welcome $user.";
echo "Access Denied: Invalid Credentials.";
Thank you for your time.