if($_POST[submit]){
$username = str_replace(" ","",$_POST[username]);
$sql="select * from user_list where \'username\' = \'$usernmae\'";
$query=mysql_query($sql);
$us=is_array($row=mysql_fetch_array($query));
$ps=$us?md5($_POST[password].ALL_PS)==$row[password]:false;
if($ps){
$_SESSION[uid]=$row[uid];
$_SESSION[user_shell]=md5($row[username].$row[password].ALL_PS);
}
}