php 用户cookie登录验证与mysql数据登录验证的方法

<?php 
	unset($username); 
	if ($_COOKIE[&#39;login&#39;]) { 
	    list($c_username,$cookie_hash) = split(&#39;,&#39;,$_COOKIE[&#39;login&#39;]); 
	    if (md5($c_username.$secret_word) == $cookie_hash) { 
	        $username = $c_username; 
	    } else { 
	        print "You have sent a bad cookie."; 
	    } 
	} 
	 
	if ($username) { 
	    print "Welcome, $username."; 
	} else { 
	    print "Welcome, anonymous user."; 
	} 
	 

<html> 
	 
	 <head> 
	  <title>Log-In Page</title> 
	 </head> 
	 
	 <body> 
	 Please enter your user details to log-in here... 
	 
	 <form action = "authenticate.php" method = "post"> 
	 Username:<br> 
	 <input type = "text" name = "username"> 
	 <br><br> 
	 Password:<br> 
	 <input type = "text" name = "password"> 
	 <br><br> 
	 <input type = "submit" value = "Log In"> 
	 </form> 
	 
	 </body> 
	 
	</html> 

 class="brush:php;"><?php 
	 
	$username = $_POST[&#39;username&#39;]; 
	$password = $_POST[&#39;password&#39;]; 
	$self =     $_SERVER[&#39;PHP_SELF&#39;]; 
	$referer =  $_SERVER[&#39;HTTP_REFERER&#39;]; 
	 
	if( ( !$username ) or ( !$password ) ) 
	{ header( "Location:$referer" ); exit(); } 
	 
	$conn=@mysql_connect( "localhost", "userName", "password" ) or die( "Could not connect" ); 
	 
	$rs = @mysql_select_db( "my_database", $conn ) or die( "Could not select database" ); 
	$sql = "select * from users where user_name="$username" and password = password( "$password" )"; 
	 
	$rs = mysql_query( $sql, $conn ) or die( "Could not execute query" ); 
	 
	$num = mysql_numrows( $rs ); 
	 
	if( $num != 0 ) 
	{  
	  $msg = "<h3>Welcome $username - your log-in succeeded!</h3>"; 
	} 
	else 
	{ 
	  header( "Location:$referer" ); exit();  
	} 
	 
	 
	<html> 
	 
	 <head> 
	  <title>Log-In Authenticated</title> 
	  </head> 
	 
	  <body> 
	   <?php echo( $msg );  
	  </body> 
	 
	</html>