Untitled

<?php
require('config.php');
$username = $_POST['username'];
$password = md5($_POST['password']);
$sql = 'SELECT * FROM members WHERE username="'.$username.'" AND password="'.$password.'" LIMIT 1;';
$rezult = mysql_query($sql);
if($row = mysql_num_rows($rezult)) {
session_start();
$_SESSION['username'] = $row['username'];
$_SESSION['rank'] = $row['rank'];
$_SESSION['handle'] = $row['handle'];
$_SESSION['id'] = $_POST['id'];
$handle = $row['handle'];
$id = $session_id['id'];
$rank = $row['rank'];
//echo 'Welcome ' . $handle . '! Click <a href="logout.php">here</a> to logout.<br />';
header("Location: /commonroom/");
}
?>
<!DOCTYPE html>
<html>
<head>
<title>login</title>
</head>
<body>
<?php if(!isset($_SESSION['username'])&&$_SESSION['username'] == '') {
echo'
<form method="post"><label>Username: </label><input name="username" type="text"><br />
<label>Password: </label><input name="password" type="password">
<input name="id type="hidden" value=".$id.">
<input type="submit" value="Log In"></form>';
}
else header("Location: /commonroom/"); ?>
</body>
</html>