Untitled

<?php

include_once 'database_connect.php';

function validateUser($username, $pw)
{
	$pw = mysql_real_escape_string($pw);
	$username = mysql_real_escape_string($username);
	$hashed_pass = md5($pw);
	$query = "select * from users where username = '$username' and pass = '$hashed_pass'";
	echo $query;

	// comment the next line back in when database is up

	$result = mysql_query($query);
	echo mysql_num_rows($result);
	if(mysql_num_rows($result) != 1)
	{
		echo "<br/>ERROR: Invalid username and/or password, please re-enter your username and password.";
	}
	else
	{
		session_start();
		$_SESSION["username"] = $username;
		//$_SESSION["uid"] = $
	}
}
?>