i have a login html page linked to the php processing page but nothing happens when i submit here is the code. should i jus have a login php page instead. im confused. no errors showing. please help im almost done.

<?php
session_start();
ini_set('arg_separator.output',';');
$con = mysql_connect("host","database","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("database", $con);

// process log in form
if (isset($_POST['login'])){
if (!empty($_POST['user'])){
$user = $_POST['user'];
}
if (!empty($_POST['password'])){
$password = $_POST['password'];
}

// query whether there is a user with $usr for username and $pwd for password in the users database
$result = mysql_query("SELECT * FROM users WHERE user = '$user'");
while($row = mysql_fetch_array($result))
{
$password = $row['password'];
$user = $row['user'];
}
if($user){
if($password != 'Password'){
if ( $_POST['password'] == "$password"){
$_SESSION['user'] = $_POST['user'];

setcookie("user", $user, time()+3600);
}
}
}
mysql_close($con);
}
// log out
if (isset($_GET['logout'])){
unset($_SESSION['user']);
session_destroy();
setcookie("user", "", time()-3600);
}
?>

Dude, I was you, I would mask those username/password from this post!

o **** i forgot about that

Better that way..
Now, I do see something strange in your code...

This is ok (but you could add addslashes() to the $_POST variables, to add a bit of security)

PHP Code:

// process log in form
if (isset($_POST['login'])){
if (!empty($_POST['user'])){
$user = $_POST['user'];
}
if (!empty($_POST['password'])){
$password = $_POST['password'];
} 


But later you do:

PHP Code:

$result = mysql_query("SELECT * FROM users WHERE user = '$user'");
while($row = mysql_fetch_array($result))
{
$password = $row['password'];
$user = $row['user'];
} 


Which overwrite your form values with the db values...

And even worse, you re-check your re-fetch the username from the post later to put it in the session:

PHP Code:

$_SESSION['user'] = $_POST['user']; 


Why not do everything in 1 shot ?

PHP Code:

<?php
session_start();
ini_set('arg_separator.output',';');
$con = mysql_connect("host","database","password");
if (!$con){
    die('Could not connect: ' . mysql_error());
}
mysql_select_db("database", $con);

// process log in form
if (isset($_POST['login'])){
    if (!empty($_POST['user'])){
        $user = trim(addslashes($_POST['user']));
    }
    if (!empty($_POST['password'])){
        $password = trim(addslashes($_POST['password']));
    }

    // query whether there is a user with $user for username and $pwd for password in the users database
    $result = mysql_query("SELECT * FROM users WHERE user = '$user' and password='$password' ");
    while($row = mysql_fetch_array($result)){
        //We reach that part only if we have a username/password pair that match
        $_SESSION['user'] = $user;
        setcookie("user", $user, time()+3600);
    }
    //mysql_close($con);        //This is not necessary, the connection will be close automatically by php at the end of the script
}

// log out
if (isset($_GET['logout'])){
    unset($_SESSION['user']);
    session_destroy();
    setcookie("user", "", time()-3600);
}
?>

in my users table i have userID, user, emailaddress, password (char) .at the bottom of the code i put header location post.php to try and redirect to this if they authenticate. but redirects even if wrong uer and pass processed. i know im just being retarded and dont know how to do this so how do i get past this. please help me ppl. i hav to 4 oclock. thanks alot. sorry if im fraustratin any1 the help is much appriciated

???
I don't understand, where is the problem ?
You want to redirect on different pages, when the user suceed to login or not ?
In that case, you'd better transform this script in 2 function, and call them on demand, like that:

PHP Code:

<?php
session_start();
ini_set('arg_separator.output',';');
$con = mysql_connect("host","database","password");
if (!$con){
    die('Could not connect: ' . mysql_error());
}
mysql_select_db("database", $con);


function login(){
    // process log in form. As we fetch username and password from $_POST, no need to declare them to the function
    if (isset($_POST['login'])){
            if (!empty($_POST['user'])){
                    $user = trim(addslashes($_POST['user']));
            }
            if (!empty($_POST['password'])){
                    $password = trim(addslashes($_POST['password']));
            }

            // query whether there is a user with $user for username and $pwd for password in the users database
            $result = mysql_query("SELECT * FROM users WHERE user = '$user' and password='$password' ");
            while($row = mysql_fetch_array($result)){
                    //We reach that part only if we have a username/password pair that match
                    $_SESSION['user'] = $user;
                    setcookie("user", $user, time()+3600);
                    header('location:/success.php');
            }
            //mysql_close($con);        //This is not necessary, the connection will be close automatically by php at the end of the script
    }
    header('location:/failure.php');
}


// log out
function logout(){
    if (isset($_GET['logout'])){
            unset($_SESSION['user']);
            session_destroy();
            setcookie("user", "", time()-3600);
    }
}

if(isset(isset($_POST['login']))){
    login();
}
elseif((isset($_GET['logout']))){
    logout();
}
?>