mysql - PHP 2 people logging in at the same time from the same computer -

i have login script should check 2 people login in @ same time compares usernames , password in mysql server if user exists

//player 1 login username , password $p1name = $_post['p1name']; $p1pass = $_post['p1pass'];  //player 2 login username , password $p2name = $_post['p2name']; $p2pass = $_post['p2pass'];       $connection = mysql_connect("db_host", "db_user", "db_pass"); mysql_select_db("db_name", $connection);       get_user($p1name, $p1pass);  get_user($p2name, $p2pass);  $row = $result; $found = false;      if(($row["username"] == $p1name && $row["password"] == sha1("$p1pass")) && ($row["username"] == $p2name && $row["password"] == sha1("$p2pass"))){             $found = true;             break;         }   function get_user($username, $password) {     $query = 'select * users';     $query .= ' username = ' . mysql_real_escape_string($username);     $query .= ' , password = ' . mysql_real_escape_string(sha1($password));     $result = mysql_query($query);     return mysql_fetch_assoc($result); } 

1. you're using = instead of === (or, if must, ==). = assignment operator in php; === , == equality operators.
2. you're comparing same username both $p1name , $p2name. unless 2 variables same, expression (after correcting (1) above) never evaluate true.

3. you're looping instead of using sql loop you. example:

   function get_user($username, $password) {     $query = 'select * users';     $query .= ' username = ' . mysql_real_escape_string($username);     $query .= ' , password = ' . mysql_real_escape_string(sha1($password));     $result = mysql_query($query);     return mysql_fetch_assoc($result);  } 

as knowing when 2 people "on same computer" trying join same game (or whatever), it's common instead provide game id. users can join game connecting using game id, accessing url.

after user logs in, they'll given option start game. when do, provide game id in url parameter (e.g. mysite/game.php?gameid=2153259). (you may want use random id's or game id prevent other players joining game "accidentally".) "host" can give url else, , new user entered game (perhaps after being asked).