<?php
session_start();
$username=$_POST['username'];
$password=$_POST['password'];
if($username&&$password)
{

mysqli_select_db("user",$myconnection) or die("couldn't find db");
$sqlcommand="SELECT * FROM users where username='$username'";
$query= mysqli_query($myconnection,$sqlcommand);

$numrows= mysqli_num_rows($query);
if($numrows!==0)
{
    while($row= mysqli_fetch_assoc($query))
    {
        $dbusername=$row['username'];
        $dbpassword=$row['password'];
    }

    if($username==$dbusername&&md5($password)==$dbpassword)
    {
        echo "you are logged in!";
        $_SESSION['username']=$username;
    }
    else
        echo"your password is incorrect!";

}
else
    die("that user doesn't exits");
}
else
    die("please enter your username and password")
?>