$query = "SELECT * FROM `users` WHERE username='$username' and password='"

1. $query = "SELECT * FROM `users` WHERE username='$username'
2.                     and password='".md5($password)."'";
3.    
4.         $result = mysqli_query($con,$query) or die(mysql_error());
5.         $rows = mysqli_num_rows($result);
6.        
7.         if($rows==1)
8.         {
9.             $_SESSION['username'] = $username;
10.            
11.             header("Location: index.php");
12.         }
13.         else
14.         {
15.         }