if ($_GET['task'] == "login") { $user = addslashes($_POST['user']); $pass

1. if ($_GET['task'] == "login") {
2.     $user = addslashes($_POST['user']);
3.     $pass = md5($_POST['pass']);
4.  
5.     $query = "SELECT * FROM users WHERE username='$user' and password='$pass'";
6.     $user = mysql_fetch_array(mysql_query($query));
7.     if ($user['uid'] == "") header("location:./?strana=home&notification=badlogin");
8.     else {
9.     $_SESSION['uid'] = $user['uid'];
10.     $_SESSION['user'] = $user['user'];
11.     if ($user['head'] == "1")
12.     $_SESSION['head'] = $user['head'];
13.     header("location:./?strana=admin");
14.     }
15. }