Checking membership status and loggin in

Checking membership status and loggin in

Can somebody push me in right direction and tell what is wrong with this
code. I am not receiving any errors however it is not logging me in
either. The idea was to have a row called memb in the sql database and
check if the status is 1 or 0. If it is 1, it would take you to the
secured page and if 0 it would give you the subscibing page
<?php
require_once('config.php');
if(isset($_POST['Login']) && isset($_POST['uname']) &&
isset($_POST['pass1'])) {
// Here check if all input are sent
$uname = $sql-> real_escape_string($_POST['uname']);
$pass1 = $sql-> real_escape_string($_POST['pass1']);
if ( !empty($uname) && !empty($pass1)) {
// Check if you input are not empty
$query= mysqli_query($sql,"SELECT * FROM login WHERE uname='".$uname."'
AND pass='".$pass1."' && memb='?'");
if(!$query){ die(mysqli_error($sql)); }
$checkuser= mysqli_num_rows($query);
if($checkuser != 1) {
$error = "Username doesn't exist in our database!";
}
// Change $login with $query
while ($row = mysqli_fetch_array($query)) {
$checkpass= $row['pass'];
while ($row = mysqli_fetch_array($query)) {
$checkmemb= $row['memb'];
// here i changed $pass1 to $checkpass
if ($pass1 == $checkpass && $memb == 0){
setcookie("user", $uname, time()+7200);
$_SESSION['user'] = $uname;
$_SESSION['start'] = time();
$_SESSION['expire'] = $_SESSION['start'] + (60 * 60 * 60);
header("Location: pay.php");
exit();
} elseif($pass1 == $checkpass && $memb == 1) {
setcookie("user", $uname, time()+7200);
$_SESSION['user'] = $uname;
$_SESSION['start'] = time();
$_SESSION['expire'] = $_SESSION['start'] + (60 * 60 * 60);
header("Location: main.html");
exit();
}
}
}
}
}