Execute($sql) or die(db_error($sql, false, $db)); // here we should have username and password // password should be not md5ing, it should be as user type it in HTML form $user = $db->FetchRow(); } return $user; } ?>