on line 24:
$query = 'SELECT * FROM user, user WHERE '$user' = username AND '$pass' = password';
Why user twice?
$query = "SELECT * FROM user, user WHERE username = $user and password = $pass";
$query = "SELECT * FROM user, user WHERE username = " . $user ."and password = ". $pass;
The are both equivalent, just using different syntax. The first uses the "" combination that allows you to call a variable inside a string, the second - and one I prefer - keeps the string elements separate from the variables. While it is a bit more difficult to write, it is far superior - in my humble opinion - when you have to debug.