Untitled

<?
session_start();
echo 'Welcome to private message system!';
echo '<form method="POST">
Username:
<input type="text" name="Username">
<br>Password:
<input type="password" name="pass">
<br><input type="submit" name="goo" value="Login">
</form>';
mysql_connect('host','user','pass');
mysql_select_db('Oh, this is tralala');
if ($_POST['goo']=='Login'){
$username=$_POST['Username'];
$password=$_POST['pass'];
$query='SELECT * FROM Users WHERE Username=.$username. AND Password=.$password.';

$q=mysql_query($query);
if ($q==true) {
	while ($row=mysql_fetch_assoc($query)){
	str_replace('||','<br>', $row['Messages']);
	echo $row['Messages'];
}
		$_SESSION['isLogged']==true;
		$_SESSION['Username']=$_POST['username'];
		echo '<br><a href="privatemessage.php?send=true">Send a message</a>'
}
elseif ($query==false){
echo 'Wrong username or passsword!';
}
}

if ($_SESSION['isLogged']==true && $_GET['send']==true){
echo '<form method="POST">
Username to send to:
<input type="text" name="usernametosend">
<textarea rows="10" cols="20" name="Message">
Enter your message text here :)
</textarea>
<input type="submit" name="goez123" value="Send">';
		if ($_POST['goez123']='Send'){
		$msgfrom=$_SESSION['username'];
		$msgseperator='||';
		$oldstuff='SELECT * FROM Users WHERE Username='.$_POST['usernametosend'].'';
		$oldq=mysql_query($oldstuff);
		$oldmsg=mysql_fetch_assos($oldq);
		$msgcontent='From: '.$msgfrom.$oldmsg['privatemssages'].$msgseperator.$_POST['Message'];
		$newq='UPDATE SET privatemessages = '.$msgcontent.' WHERE Username='.$_POST['usernametosend'].'';
		mysql_query($newq);
		echo 'Friend Added :)';
		}
}