if(isset($_POST['login'])) { $username = mysql_real_escape_string(strip_tags(

1.     if(isset($_POST['login'])) {
2.     $username = mysql_real_escape_string(strip_tags($_POST['username']));
3.     $password = mysql_real_escape_string(strip_tags($_POST['password']));
4.     $enc_password = hash('sha512', $password);
5.    
6.     $q = "SELECT * FROM user WHERE username='".$username."' AND password='".$enc_password."'";
7.         $res = mysql_query($q) or die(mysql_error());
8.        
9.         if(mysql_num_rows($res) < 1 || empty($username) || empty($enc_password)) {
10.             header('Location: user.php?loginerror=');
11.             exit;
12.         }