Untitled

<?php
$dbuser = "note";
$dbpass = "note";
$dbname = "note";
$table = "table3";
$table2 = "table2";
if ($_POST["user"] && $_POST["pass"] && !$_COOKIE["login"]) {
  $user = md5($_POST["user"]);
  $pass = md5($_POST["pass"]);
  $sql = mysql_connect('localhost', '$dbuser', '$dbpass') or exit(mysql_error());
  mysql_select_db('$dbname', $sql) or exit(mysql_error());
  $query = mysql_query("SELECT * FROM $table WHERE (`username`, `password`) = ('$user', '$pass')") or exit(mysql_error());
  $info = mysql_fetch_array($query);
  if ($info) {
    setcookie("login", $_POST["user"], time()+3600);
  }
}
elseif ($_COOKIE["login"]) {
  $user = $_COOKIE["login"];
  print("<center>You are logged in as $user</center>");
  if ($user == kingskrown) {
    #mysql_query("INSERT INTO $table (`username`, `password`) VALUES ('username', 'password')") or exit(mysql_error());
  }
  $sql = mysql_connect('localhost', '$dbuser', '$dbpass') or exit(mysql_error());
  mysql_select_db('$dbname', $sql) or exit(mysql_error());
  if ($_POST["msg"]) {
    $msg = $_POST["msg"];
    $time = date("[H:i:s]");
    mysql_query("INSERT INTO $table2 (`time`, `user`, `msg`) VALUES ('$time', '$user', '$msg')") or exit(mysql_error());
  }
  $info = mysql_query("SELECT * FROM $table2") or exit(mysql_error());
  while ($read = mysql_fetch_array($info)) {
    $msg = "$msg\n$read[0] <$read[1]> $read[2]";
  }
}
:
?>
<html>
<form action="<?php print($_SERVER["PHP_SELF"]); ?>" method="post">
<center>
username
<input name="user" type="text" maxlength="12" value="">
password
<input name="pass" type="password" maxlength="30" value="">
<input name="login" type="submit" value="login">
</center>
<center>
<textarea name="box" rows="10" cols="75" readonly="readonly"><?php print($msg); ?></textarea><br>
<input type="text" name="msg" maxlength="50" value=""/><input type="submit" value="Shout"><br>
</center>
</form>
</html>