amznVibe - 12:18 pm on Nov 23, 2008 (gmt 0) That's probably your problem.
$pass = mysql_real_escape_string($pass);
Slashes won't show up when displayed but they are in the string and will fail comparison. You also don't need to escape a string until you are ready to place it into the db via a mysql call.
That's probably your problem.