weird situation

         

Gilead

12:47 am on Nov 24, 2011 (gmt 0)




Coming down to the wire and giving things a final check before I add the logging of the logins and prevent brute force attacks. I check two different tables: one for admins and one for members. There are two types of admins: superuser, which can only work with members. The true admins can work on both admins and members alike. Trouble is, I can log in as an admin without a problem, but any superuser accounts I create say the username or password is wrong.

<?php
error_reporting(E_ALL);
session_start();

include('config.php');

$user_table="users";
$admin_table="authorize";

$attempts=0;
// username and password sent from form
// addcslashes() backslash-escapes % and _ (the LIKE wildcards); the queries below compare with =
$myusername=mysql_real_escape_string(addcslashes($_POST['username'], "%_"));
$mypassword=mysql_real_escape_string(addcslashes($_POST['password'], "%_"));

// Look in the admin table first
$sql="SELECT * FROM $admin_table WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
$row = mysql_fetch_array($result);

// mysql_num_rows() counts the rows in the result
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, there must be exactly 1 row

if($count==1){
    // Register the username and access level in the session and redirect
    $_SESSION['username']= $row['username'];
    $_SESSION['useraccess']= $row['access_level'];

    header("Location: http://cbn.us/testing/members/main/admin/index.php");
    exit; // stop here so nothing else runs after the redirect header
}
else {
    // Not an admin: look in the member table
    $sql="SELECT * FROM $user_table WHERE member_login='$myusername' and member_password='$mypassword'";
    $result=mysql_query($sql);
    $row = mysql_fetch_array($result);

    // mysql_num_rows() counts the rows in the result
    $count=mysql_num_rows($result);
    if($count==1){
        // Register the member login and id in the session and redirect
        $_SESSION['login']= $row['member_login'];
        $_SESSION['id']= $row['contactid'];
        $_SESSION['useraccess']= 'User';

        header("Location: http://cbn.us/testing/members/main/index.php");
        exit; // stop here so nothing else runs after the redirect header
    }
    else{
        echo "Wrong Username or Password";

        echo '<meta http-equiv="refresh" content="2;url=index.php">';
    }
}
Thanks!

Gilead

3:13 pm on Nov 25, 2011 (gmt 0)




I figured it out. I forgot a 'c' in the useraccess variable. That's why it didn't work!
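
The two-table login from the first post, with the login logging and brute-force throttling it mentions as the next step, written as an added example that is not part of the original thread. It swaps the mysql_* functions for PDO prepared statements and assumes passwords are stored with password_hash(); the login_log table, the threshold constants, the function names and the sample accounts are constructed for illustration.

```php
<?php
// Added example. login_log and both constants are assumptions; the other names are from the post.
const MAX_FAILURES = 5;      // assumed lockout threshold
const WINDOW_SECONDS = 900;  // assumed counting window

function recent_failures(PDO $db, string $user): int {
    $q = $db->prepare('SELECT COUNT(*) FROM login_log WHERE username = ? AND success = 0 AND ts > ?');
    $q->execute([$user, time() - WINDOW_SECONDS]);
    return (int) $q->fetchColumn();
}

function find_account(PDO $db, string $user): ?array {
    // Admin table first, then member table, in the same order as the original script.
    $lookups = [
        'SELECT password AS hash, access_level AS access FROM authorize WHERE username = ?',
        "SELECT member_password AS hash, 'User' AS access FROM users WHERE member_login = ?",
    ];
    foreach ($lookups as $sql) {
        $q = $db->prepare($sql);
        $q->execute([$user]);
        $row = $q->fetch(PDO::FETCH_ASSOC);
        if ($row !== false) return $row;
    }
    return null;
}

function login(PDO $db, string $user, string $pass): ?string {
    if (recent_failures($db, $user) >= MAX_FAILURES) return null; // throttled, not even checked
    $row = find_account($db, $user);
    // The password never enters the SQL text; it is checked against a stored hash.
    $ok = $row !== null && password_verify($pass, $row['hash']);
    $db->prepare('INSERT INTO login_log (username, success, ts) VALUES (?, ?, ?)')
       ->execute([$user, $ok ? 1 : 0, time()]);
    return $ok ? $row['access'] : null;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE authorize (username TEXT, password TEXT, access_level TEXT)');
$db->exec('CREATE TABLE users (member_login TEXT, member_password TEXT, contactid INTEGER)');
$db->exec('CREATE TABLE login_log (username TEXT, success INTEGER, ts INTEGER)');
$ins = $db->prepare('INSERT INTO authorize VALUES (?, ?, ?)');
$ins->execute(['root', password_hash('admin-pw', PASSWORD_DEFAULT), 'admin']);
$ins->execute(['helper', password_hash('super-pw', PASSWORD_DEFAULT), 'superuser']);

var_dump(login($db, 'helper', 'super-pw'));   // a valid superuser login
for ($i = 0; $i < MAX_FAILURES; $i++) login($db, 'root', "guess$i");
var_dump(login($db, 'root', 'admin-pw'));     // right password, after repeated failures
```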