if($_POST['action'] == "login"){ $dbGET_USER = mysql_fetch_object($db->query("

1. if($_POST['action'] == "login"){
2.     $dbGET_USER = mysql_fetch_object($db->query("SELECT u.*, up.* FROM users u INNER JOIN users_profiles up ON up.user_id = u.user_id WHERE u.username = '".addslashes($_POST['login_username'])."' AND u.password = MD5(CONCAT(MD5('".addslashes($_POST['login_password'])."'), MD5(u.password_salt)))"));
3.     if($dbGET_USER->user_id){
4.         $_SESSION['user_id'] = $dbGET_USER->user_id;
5.         $_SESSION['group_id'] = $dbGET_USER->group_id;