Kritik af login script.

Hejsa.

Har siddet og rodet lidt med et login script og vil meget gerne have kommentarer til det i henhold til sikkerhed og alt andet der kunen være relevant (Er det godt, dumt, usikkert etc.?).

Scriptet er fundet på nettet og kun meget lidt ændret :)

$host="127.0.0.1"; // Host name
    $username="root"; // Mysql username
    $password=""; // Mysql password
    $db_name="test"; // Database name
    $tbl_name="members"; // Table name
   
    // Connect to server and select databse.
    mysql_connect("$host", "$username", "$password")or die("cannot connect");
    mysql_select_db("$db_name")or die("cannot select DB");
   
    // Define $myusername and $mypassword
    $myusername=$_POST['myusername'];
    $mypassword=$_POST['mypassword'];
   
    // To protect MySQL injection (more detail about MySQL injection)
    $myusername = stripslashes($myusername);
    $mypassword = stripslashes($mypassword);
    $myusername = mysql_real_escape_string($myusername);
    $mypassword = mysql_real_escape_string($mypassword);
   
    $mypassword=md5($_POST['mypassword']);
   
    $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
    $result=mysql_query($sql);
   
    // Mysql_num_row is counting table row
    $count=mysql_num_rows($result);
    // If result matched $myusername and $mypassword, table row must be 1 row
   
    if($count==1){
    // Register $myusername, $mypassword and redirect to file "login_success.php"
    session_register("myusername");
    //session_register("mypassword");
    header("location:index.php?page_id=$page_id");
    }
    else {
    echo "Wrong Username or Password";
    }