Add session_start to the top of the script. This one is still wrong:
, as you cannot assign to a result of a function call (remember, $_SESSION("login") is trying to map $_SESSION to a callable function which will fail). Those must be changed to square braces.
Also, best to make sure your variables exist:
$Prename=isset($_POST['Prename']) ? trim($_POST['Prename']) : '';
$Surname=isset($_POST['Surname']) ? trim($_POST['Surname']) : '';
If the script is accessed without these two post variables, they will default to nothing without triggering a notice.
Watch the use of the operators as well. These are deceiving (though correct here as well), since both exist in PHP:
$Prename=="firstname1" && $Surname=="lastname1" or $Prename=="firstname2" &&
Notice your use of && and OR. PHP has all four ops for this: '&&' > '||' > '=' > 'AND' > 'OR', if you can read that ok. This works no problem since all levels of and override that of OR. This can be found on the precedence list here: http://php.ca/manual/en/language.ope...precedence.php
Notice if you switched things up:
$Prename == "firstname1" AND $Surname == "lastname1" || $Prename == "firstname2"...
The evaluation changes from logical: if ((prename AND surname) OR (prename.....) to: if (prename AND (surname OR prename) AND....), which is definitely not what you want.