Untitled

<?
session_start();

$err_msg = array();
$flag = false;

$pass = $_POST['password'];
$user = $_POST['user'];

if(!$pass) {
$err_msg[] =  "You forgot your password";
$flag = true;
}
if(!$user) {
$err_msg[] = "You forgot your user";

$flag = true;
}

if($flag) {
$_SESSION['ERR_MSG'] = $errmsg_arr;
session_write_close();
header("location: login.php");
exit();
}

$check = "SELECT * etl_users WHERE strUsername='$user' AND AND strPassword='".md5($pass)."' AND acp_access='1'";
$res = mysql_query($check);

if($res) {
if(mysql_num_rows($result) == 1) {
session_regenerate_id();
$member = mysql_fetch_assoc($res);
$_SESSION['SESS_USER_NAME'] = $member['USER_NAME'];
session_write_close();
header("location: index.php");
exit();
}
else {
header("location: login.php");
exit();
}
    }else {
        die("fuck");
}
?>