Untitled

<?php
session_start();
?>
<?php

require('config.php');

if ($con->connect_error) {
    die("Connection failed: " . $con->connect_error);
}

$sql = "SELECT id FROM users";
$result = $con->query($sql);

if ($result->num_rows > 0) {
    // output data of each row
    while($row = $result->fetch_assoc()) {
        $ID = $row['id'];
    }
} else {
}
    // If form submitted, insert values into the database.
    if (isset($_POST['username'])){

        $username = stripslashes($_REQUEST['username']); // removes backslashes
        $username = mysqli_real_escape_string($con,$username); //escapes special characters in a string
        $password = stripslashes($_REQUEST['password']);
        $password = mysqli_real_escape_string($con,$password);

    //Checking is user existing in the database or not
        $query = "SELECT * FROM `users` WHERE username='$username' and password='".sha1($password)."'";
        $result = mysqli_query($con,$query) or die(mysql_error());
        $rows = mysqli_num_rows($result);
        if($rows==1){
            $_SESSION['username'] = $username;
            header("Location: https://sampdayz.ro/ucp"); // Redirect user to index.php
            }else{
                echo "<div class='form'><h3>Numele de utilizator sau parola gresita</div>";
                }
    }else{
    }
$con->close();
?>