Can anyone tell me why this might not be working. It stops if the uname is not valid, doesn't stop if the pwd and uname do not match. It just reads the uname and logs in without the pwd.

PHP Code:
        $uname $_POST['uname'];
    
$pwd $_POST['pwd'];
    
$epwd md5('$pwd');
    
    
printConnect();
    
    
$query "SELECT * FROM login";
    
$result mysql_query($query)
        or die (
"Couldn't query data" mysql_error());
        
    
$row mysql_fetch_assoc($result);
    
    if(
$uname != $row['username']) {
        
$_SESSION['error'] = 'Username does not exist!!';
        
header('Location: index.php');
    }
    else {        
        
$query "SELECT * FROM login WHERE username = '$uname'";
        
$result mysql_query($query)
            or die (
"Couldn't query data" mysql_error());
        
        
$row mysql_fetch_assoc($result);
        
        
$pwdc $row['password'];
        
        if(
$epwd != $pwdc) {
            
$_SESSION['error'] = 'Username does not exist!!';
            
header('Location: index.php');
        }
        else {
            
$_SESSION['loggedIn'] = TRUE;
            
$_SESSION['uname'] = $uname;    
        }
        
header('Location: index.php');
    }