PHP验证登录用户名和密码

<html>
<head>用户登录</head>
<form name="LoginForm" method="post" action="login.php" onSubmit="return InputCheck(this)">
<p>
<label for="username" class="label">用户名:</label>
<input id="username" name="username" type="text" class="input" />
<p/>
<p>
<label for="password" class="label">密 码:</label>
<input id="password" name="password" type="password" class="input" />
<p/>
<p>
<input type="submit" name="submit" value="  确 定  " class="left" />
</p>
</form>
</html>

<?php
//登录
if(!isset($_POST['submit'])){
exit('非法访问!');
}
$username = htmlspecialchars($_POST['username']);
$password = MD5($_POST['password']);

//包含数据库连接文件
include('conn.php');
//检测用户名及密码是否正确
$check_query = mysql_query("select userid from user_list where username='$username' and password='$password' limit 1");
if($result = mysql_fetch_array($check_query)){
//登录成功
session_start();
$_SESSION['username'] = $username;
$_SESSION['userid'] = $result['userid'];
echo $username,' 欢迎你！进入 <a href="my.php">用户中心</a><br />';
echo '点击此处 <a href="login.php?action=logout">注销</a> 登录！<br />';
exit;
} else {
exit('登录失败！点击此处 <a href="javascript:history.back(-1);">返回</a> 重试');
}

//注销登录
if($_GET['action'] == "logout"){
unset($_SESSION['userid']);
unset($_SESSION['username']);
echo '注销登录成功！点击此处 <a href="login.html">登录</a>';
exit;
}

?>

<?php
session_start();

//检测是否登录，若没登录则转向登录界面
if(!isset($_SESSION['userid'])){
header("Location:login.html");
exit();
}
//包含数据库连接文件
include('conn.php');
$userid = $_SESSION['userid'];
$username = $_SESSION['username'];
$user_query = mysql_query("select * from user_list where userid = '$userid' limit 1");
$row = mysql_fetch_array($user_query);
echo '用户信息：<br />';
echo '用户ID：',$userid,'<br />';
echo '用户名：',$username,'<br />';
echo '<a href="login.php?action=logout">注销</a> 登录<br />';
?>

<?php

$conn = mysql_connect("127.0.0.1","root","") or die("数据库链接错误".mysql_error());
mysql_select_db("info_db",$conn) or die("数据库访问错误".mysql_error());
mysql_query("set names gb2312");
?>