login php mysql

1. <?php
2. include 'config.php';
3.  
4. $username = $_POST['username'];
5. $password = md5($_POST['password']);
6.  
7. $login = mysql_query("select * from user where username='$username' and password='$password'");
8. $cek = mysql_num_rows($login);
9.  
10. if($cek > 0){
11.     session_start();
12.     $_SESSION['username'] = $username;
13.     $_SESSION['status'] = "login";
14.     header("location:admin/index.php");
15. }else{
16.     header("location:index.php");  
17. }
18.  
19. ?>