Login PHP

<?php
session_start();
error_reporting(E_ALL^ E_NOTICE);
//include the connection and variable defination page
include("include/server.php");
include("include/function.php");
//checking the form has been submit by user or not
if(isset($_POST['cmdSubmit']) and $_POST['cmdSubmit']="Login")
{
//$refLink  = $_SERVER['HTTP_REFERER'];
$refLink    = "index.php?err_msg=1";
$user = addslashes($_POST['username']);
$pass = addslashes($_POST['password']);
$remember = $_POST['remember'];

$strErrorMessage = "";
if($user==""){
    $strErrorMessage = "User Name can not be blank";
}
if($pass==""){
    $strErrorMessage = "Password can not be blank";
}
if($user=="" and $pass==""){
    $strErrorMessage = "User Name and Password can not be blank";
}

if($strErrorMessage=="")
{

    if(isset($_POST['remember'])){
        //removing all the cookie at set the user name password in cookies
        unset($_COOKIE[session_name()]);
        setcookie("usernamex", $_POST['username'], time()+60*60*24*100);
        setcookie("userpassx", $_POST['password'], time()+60*60*24*100);
        setcookie("rememberx", $_POST['remember'], time()+60*60*24*100);
    }else{
        if(isset($_COOKIE['rememberx']) && isset($_COOKIE['usernamex']) && isset($_COOKIE['userpassx']))
        {
            unset($_COOKIE[session_name()]);
            setcookie("usernamex", $_POST['username'], time());
            setcookie("userpassx", $_POST['password'], time());
            setcookie("rememberx", $_POST['remember'], time());
        }
    }

    $sqlLogin   = "select * from member_mast where username = '".$user."' and password = '".$pass."' and is_deleted_flg=0 and is_profile=0";
    $queryLogin = mysql_query($sqlLogin) or die(mysql_error()." Please check the Query");
    $totLogin   = mysql_num_rows($queryLogin);

    //here checking the user is authorized or not
    if($totLogin>0)
    {
        $rsLogin                = mysql_fetch_array($queryLogin);
        $_SESSION['uid']        = trim($rsLogin['username']);
        $_SESSION['memberid']       = trim($rsLogin['user_id']);
        $_SESSION['userType'] = trim($rsLogin['member_role']);

        if(isset($_POST["page"]) and trim($_POST["page"])!="")
        {
            $pageName       = trim($_POST["page"]);
            $pagepassId     = trim($_POST["pageid"]);
            $redirect_url   = "http://www.fakesite.com/fspv2/welcome.php?page=".$pageName."&pageid=".$pagepassId;
        }
        else
        {
            //$redirect_url = "http://www.fakesite.com/fspv2/welcome.php";
            //$redirect_url = "welcome.php";
            $redirect_url   = "welcome.php";
        }
//header("Location: ".$redirect_url);
?>
        <script>window.location.href="<?php echo $redirect_url; ?>";</script>
      <!--  <meta http-equiv="refresh" content="0;url=<?php echo $redirect_url; ?>">    -->
<?php
}
else
{
        $displayMessage = "Login failed. If you are authorized, try again";
        session_destroy();
        $state = "inv";
        $_SESSION['username'] = $_POST['username'];
        $_SESSION['password'] = $_POST['pass'];
        $username = $_SESSION['username'];
        $password = $_SESSION['password'];
    ?>
        <script>window.location.href="<?php echo $refLink; ?>";</script>
    <?php
    }
}
else
{
    $state = "inv";
    $_SESSION['username'] = $_POST['userid'];
    $_SESSION['password'] = $_POST['pass'];
    $username = $_SESSION['username'];
    $password = $_SESSION['password'];
    $displayMessage = $strErrorMessage;
?>
    <script>window.location.href="<?php echo $refLink; ?>";</script>
<?php
}
}
 //header("Location: ".$refLink);
?>
<!--<script>window.location.href="<?php echo $refLink; ?>";</script>--> <!-- <meta http-equiv="refresh" content="0;url=<?php echo $refLink; ?>">  -->