Untitled

<?php

    session_start();

    $username = $_POST['username'];
    $password = $_POST['password'];

    $search = array(
    '@<script[^>]*?>.*?</script>@si',   // Strip out javascript
    '@<[\/\!]*?[^<>]*?>@si',            // Strip out HTML tags
    '@<style[^>]*?>.*?</style>@siU',    // Strip style tags properly
    '@<![\s\S]*?--[ \t\n\r]*>@'         // Strip multi-line comments
    );

    $password = preg_replace($search, '', $password);

    //Hash password in a new variable
    $password2 = md5($password);

    require_once "/home/a7435766/public_html/scripts/dbconnect.php";

    $query = mysql_query("SELECT * FROM userstwo WHERE username = '$username' && password = '$password2'");

    if(mysql_num_rows($query) != 0) {
        //Store username and password in a cookie
        if(isset($_POST['remember'])) {
            setcookie("username",$username,time()+3600*24*5,"/");
            setcookie("password",$password,time()+3600*24*2,"/");
            $_SESSION['setCookie'] = 'true';
        } else {
            setcookie("username","",time()-10,"/");
            setcookie("password","",time()-10,"/");

            unset($_COOKIE['username']);
            unset($_COOKIE['password']);
        }
        $_SESSION['username'] = $username;
        header('Location: http://www.ohjustthatguy.com/uploads/uploads.html');
    } else {
        //Pass userdne as a $_GET variable
        header('Location: http://www.ohjustthatguy.com/uploads/?userdne=true');
    }
?>