Ok this is the login script I am running,

PHP Code:

<?php include("head.php"); ?>

<?php
if (!$email || !$pass) {
    print "Please fill out all fields.";
    include("foot.php");
    exit;
}
$logres = mysql_num_rows(mysql_query("select * from players where email='$email' and pass='$pass'"));
if ($logres <= 0) {
    print "Login failed. If you have not already, please signup. Otherwise, check your spelling and login again.";
    include("foot.php");
    exit;
} else {
    session_register("email");
    session_register("pass");
    print "Welcome. <meta http-equiv=refresh content=0;URL=updates.php> If you are not redirected to our city please click <a href=updates.php>here</a> to continue..";
}
?>

<?php include("foot.php"); ?>

And when i try to log in i get the "Please fill out all fields"

Can someone please help me?

Thanks alot, Ash~

Can you post the login form?

I noticed you never retrieve $email or $pass from $_POST, this will fail if register globals is off. Also, from your query I noticed that you are storing raw passwords in your database. You should hash your passwords before sending them to the database.

Here is the form

HTML Code:

<form method=post action=login.php>
  <div align="center">
    <table>
      <tr> 
        <td><div align="center">Email:</div></td>
        <td><div align="center"> 
            <input type=text name=email>
          </div></td>
      </tr>
      <tr> 
        <td><div align="center">Pass:</div></td>
        <td><div align="center"> 
            <input type=password name=pass>
          </div></td>
      </tr>
      <tr> 
        <td colspan=2 align=center><div align="center"> 
            <input type=submit value=Login>
          </div></td>
      </tr>
    </table>
  </div>
  <div align="center"></div>
</form>

And how would i hash them?

Thanks alot, Ash~

Try this:

PHP Code:

<?php include("head.php"); ?> 

<?php
$email = isset($_POST['email']) ? $_POST['email'] : false;
$pass = isset($_POST['pass']) ? $_POST['pass'] : false;

if (!$email || !$pass) { 
    print "Please fill out all fields."; 
    include("foot.php"); 
    exit; 
} 
$logres = mysql_num_rows(mysql_query("select * from players where email='$email' and pass='$pass'")); 
if ($logres <= 0) { 
    print "Login failed. If you have not already, please signup. Otherwise, check your spelling and login again."; 
    include("foot.php"); 
    exit; 
} else { 
    session_register("email"); 
    session_register("pass"); 
    print "Welcome. <meta http-equiv=refresh content=0;URL=updates.php> If you are not redirected to our city please click <a href=updates.php>here</a> to continue.."; 
} 
?> 

<?php include("foot.php"); ?>

Code:

<form method="post" action="login.php">
  <div align="center">
    <table>
      <tr> 
        <td><div align="center">Email:</div></td>
        <td><div align="center"> 
            <input type="text" name="email" />
          </div></td>
      </tr>
      <tr> 
        <td><div align="center">Pass:</div></td>
        <td><div align="center"> 
            <input type="password" name="pass" />
          </div></td>
      </tr>
      <tr> 
        <td colspan=2 align=center><div align="center"> 
            <input type="submit" value="Login" />
          </div></td>
      </tr>
    </table>
  </div>
  <div align="center"></div>
</form>

I added the code to retrieve the email and pass from post. I also added quotes to your input field attributes in your form.

Regarding the password hashing. You shouldn't store or transmit raw password, instead you can use a hash function like sha1 to encode them. You store the encoded password in your database. When a user enters their password you encode it and compare it to the already encoded password in the database.

PHP Code:

$pass = sha1($_POST['pass']); 


Ok this actually goes onto the redirect part but it then displays "Invalid Login" on a blank white page.

How would i incorperate the hash thing then as im a little confused however i do grasp the concept.

Thanks alot for help, Ash~