Untitled

<?php
$connect = mssql_connect('NIELS-PC\SQLEXPRESS', 'sa', 'lolislol');
mssql_select_db("GunzDB");
if($connect != ""){
}
else
{
echo "Connection failed.";
}
$user = $_POST['name'];
$pass = $_POST['pass'];
$i = 1;
/*

$query3 = mssql_query("SELECT MasterCID FROM Clan WHERE MasterCID = '$CID'");
$query2 = mssql_query("SELECT TOP 4 Name, CID FROM Character WHERE AID = '$AID'");
*/
echo $i;
?>

<html>
<head>
<title>KillShop</title>
</head>

<body>
<table align="center" border="3">
<tr>
<td>
<h2>Step1:</h2>
</td>
</tr>
<tr>
<td>
<form action="" method="POST">
<table align="center" border="1">
<tr>
<td>
Username: <input type="text" value="<?php echo $user; ?>" name="name">
</td>
</tr>
<tr>
<td>
Password: <input type="password" value="<?php echo $pass; ?>"  name="pass">
</td>
</tr>
<tr>
<td>
<input type="submit" name ="submit" value="Login" <?php if ($i == "2"){ echo 'DISABLED';} else { }?>/>
</td>
</tr>
<tr>
<td>
<?php
if ($_POST['submit']) {


$query = mssql_query("SELECT AID,Password,UserID FROM Login WHERE UserID = '$user'");
$row = mssql_fetch_array($query);
$name = $row['UserID'];
$wacht = $row['Password'];
$AID = $row['AID'];


If($user == $name && $pass == $wacht && $AID != "") {
echo "Step 1 completed! Login Succesfully.";
while($i < 2){
$i++;
}
}
else
{
echo "Login Failed";
}


	}

?>
</td>
</tr>
</table>
</form>
</td>
</tr>
<?php
if ($i>= "2")
{
echo'
<tr>
<td>
<h2>Step2</h2>
</td>
</tr>
<tr>
<td>
Character:
<select>
';

$query2 = mssql_query("SELECT TOP 4 Name,CID FROM Character WHERE AID = '$AID'");
while($row2 = mssql_fetch_array($query2)){
$char = $row2['Name'];
echo '<option value="'.$char.'">';
echo "$char";
echo '</option>';

}

echo'
</select>
</td>
</tr>
</table>
';
}
?>

</body>

</html>