Untitled

<?php
$flag = false;
if(isset($_POST['btnSubmit']))
{
	if(!isset($_POST['txtUsername']) || empty($_POST['txtUsername']))
	{
		echo "<p>Please enter a username.</p>";
	}
	if (!isset($_POST['txtPassword']) || empty($_POST['txtPassword']))
	{
		echo "<p>Please enter a password.</p>";
	}
	else if(empty($error_message))
	{
		$conn = mysql_connect("localhost", "twastudent", "prac3")
		or die('Database not found.' . mysql_error());
		mysql_select_db("MPS", $conn)
		or die('Problem with query' . mysql_error());
		$sql = "SELECT reviewerid, password FROM reviewer";
		$rs = mysql_query($sql, $conn);
		if (mysql_num_rows($rs)> 0 )
		{
			session_start();
			$_SESSION["who"] = $id;
			$_SESSION["level"] = mysql_result($rs,0,"level");
			header("location: MPS_List.php");
		}
	}
}
?>

<form action="login.php" method="POST">
<p>
<span>Username:</span>
<input type="text" name="txtUsername" />
<br />
<span>Password:</span>
<input type="password" name="txtPassword" />
<br />
<br />
<input name="btnSubmit" type="submit" value="Log In"/>
</p>
</form>