Hi,

I am on a shared hosting platform and I need to know whether the following is a secure login or not.

This is the login.php file:

Code:
<?php
session_start();

if (isset($_POST["btnLogin"]))
{
        $errcnt = 0;

        if (empty($_POST["username"])) { $errcnt++; $error[] = "Invalid Username"; }
        if (empty($_POST["password"])) { $errcnt++; $error[] = "Invalid Password"; }

        if ($errcnt == 0)
        {
                $_SESSION["username"] = $_POST["username"];
                $_SESSION["password"] = md5($_POST["password"]);

                header ("Location: index.php");
                exit ();
        }
}
?>
<h3 align="center">Login</h3>
<form method="post" action="login.php">
<table align="center" cellpadding="5" border="0">
<tr>
        <td align="right">Username:</td>
        <td><input type="text" name="username" size="30"></td>
</tr>
<tr>
        <td align="right">Password:</td>
        <td><input type="password" name="password" size="30"></td>
</tr>
<tr>
        <td colspan="2">&nbsp;</td>
</tr>
<tr>
        <td align="center" colspan="2"><input type="submit" name="btnLogin" value="Login" /></td>
</tr>
</table>
</form>
This is the access.php file, which is at the top of every page and checks the login details:

Code:
<?php
session_start();
require_once ("dbconn.php");

$errcnt = 0;

if (empty($_SESSION["username"])) { header ("Location: login.php"); }
if (empty($_SESSION["password"])) { header ("Location: login.php"); }

$q0 = sprintf ("SELECT * FROM users WHERE username = %s AND password = %s LIMIT 1", fix($_SESSION["username"]), fix($_SESSION["password"]));
$r0 = mysql_query($q0) or die("Query Failed");
if (mysql_num_rows($r0) <> 1)
{
        $_SESSION["username"] = "";
        $_SESSION["password"] = "";
        header ("Location: login.php");
}
?>
Please let me know. Thanks.
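
As an added example (not part of the original post), here is one way to restructure the two files so that credentials are verified once at login, only a user id is kept in the session, and every redirect is followed by `exit`. It assumes a PDO handle `$pdo` supplied by dbconn.php and a `password_hash` column filled by `password_hash()` at registration; both are assumptions, as are the function names.

```php
<?php
// Added example, not the poster's code. Assumptions: dbconn.php (hypothetical
// here) provides a PDO handle in $pdo, and users has id, username and a
// password_hash column filled by password_hash() at registration.
declare(strict_types=1);

function start_secure_session(): void
{
    // Cookie flags must be set before session_start().
    session_set_cookie_params([
        'httponly' => true,      // not readable from JavaScript
        'secure'   => true,      // sent over HTTPS only
        'samesite' => 'Lax',
    ]);
    session_start();
}

// login.php: check the credentials once, at login time.
function attempt_login(PDO $pdo, string $username, string $password): bool
{
    // Placeholder binding replaces sprintf() plus a hand-written escaper.
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() checks a salted bcrypt/Argon2 hash, not a bare md5().
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;            // same result for unknown user and bad password
    }

    session_regenerate_id(true); // new session id after login (fixation defence)
    $_SESSION['user_id'] = (int) $row['id']; // no password or hash in the session
    return true;
}

// access.php: included at the top of every protected page.
function require_login(): void
{
    if (empty($_SESSION['user_id'])) {
        header('Location: login.php');
        exit; // without this the rest of the page still runs and is sent
    }
}
```

The array form of `session_set_cookie_params()` needs PHP 7.3 or later, and the `mysql_*` functions used in the post were removed in PHP 7.0, which is why this sketch uses PDO.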