Untitled

<?php
session_start();
ob_start();
require('/home/phpboard/public_html/includes/config.php');
print_r($_SESSION);
?>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="username" type="username" id="username"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="password" type="password" id="password"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
<html><center><a href="/pages/register.php">New User? Click here!</a><br><a href="/index.php">Click Here To Go To Main Page</a></center><html>
<?php
if(isset($_POST['submit']))
{
    $username = mysql_real_escape_string(stripslashes($_POST['username']));
    $password = mysql_real_escape_string(stripslashes($_POST['password']));
    $result = mysql_query("SELECT * FROM UserData WHERE username='".$username."' AND password='".$password."'") or die (mysql_error());
    $status = mysql_query("SELECT Status FROM UserData WHERE username='".$username."' AND password='".$password."'") or die (mysql_error());
    $reputation = mysql_query("SELECT Reputation FROM UserData WHERE username='".$username."' AND password='".$password."'") or die (mysql_error());
    $count=mysql_num_rows($result);

    if($count==1){
    $_SESSION['username']=$username;
    $_SESSION['reputation']=$reputation;
    $_SESSION['status']=$status;
    echo "<html><center><html>Login Successful!<html></center><html>";
    }
    else
    {
    echo "<html><center><html>Incorrect Username or Password!<html></center><html>";
    }
}
ob_end_flush();
?>