Hi,
Your code is very nice, but in my opinion there are some points which you could write in a better way; for example, you have written the query to retrieve the user data multiple times, which is not necessary.
Note: I used mysql_query instead of mysqli_query, or vice versa.
1. $sql = "SELECT COUNT(*) FROM users WHERE email = '$username'"; This query is OK because you want to verify whether the email exists or not. But instead of getting the count, just run the query with LIMIT 1, as I believe the email should be unique.
<pre>
$sql = "SELECT * FROM users WHERE email = '$username' LIMIT 1";
$result = mysql_query($sql) or die(mysql_error());
// now you can simply check the count
if (mysql_num_rows($result) == 1) {
    // continue next loop
}
</pre>
Now, instead of writing a query to get the password, write one to pull all the details with the combination of email and password. But before that, make sure you convert the password into the format in which you store it in the database.
<pre>
// hash the submitted password the same way the stored one was hashed
$password = md5($password);
$sql = "SELECT * FROM users WHERE email = '$username' AND password = '$password'";
$result = mysql_query($sql);
if (mysql_num_rows($result) == 1) {
    session_start();
    $row = mysql_fetch_array($result);
    $_SESSION['email'] = $row['email'];
    $_SESSION['uID'] = $row['id'];
    header("Location: main.php");
    exit; // stop the script once the redirect header is sent
}
</pre>
Now, on the other page, just include session_start() at the very top of the page.
<pre>
session_start();
$uID = $_SESSION['uID'];
$getUserData = "SELECT * FROM users WHERE id = '$uID' LIMIT 1";
// run the query that was just built
$result = mysql_query($getUserData) or die(mysql_error());
$row = mysql_fetch_array($result);
</pre>
Note: there will be more code to check whether the session exists, to destroy the session, and so on, which you have to check. OK?
I hope this gives you a little idea. There are many other cleaner ways, like using functions or OOP, so that you can write the code separately, but I suggested the code as per your flow.
Thanks!
Robin
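
Added example, not part of Robin's post: the same login flow written against mysqli with a bound parameter instead of string interpolation, and with password_hash()/password_verify() in place of the bare MD5 comparison, upgrading existing MD5 rows at the next successful login. The function names are hypothetical; it assumes the post's users table (id, email, password) with a password column wide enough for password_hash() output, and mysqli set to throw on errors (the default since PHP 8.1).

```php
<?php
// Added example, not from the original post. Assumes the users table from the
// post (id, email, password); legacy rows may still hold an MD5 hex digest.

// Returns the user row (without the hash) on success, null otherwise.
function authenticate(mysqli $db, string $email, string $password): ?array
{
    // The email is bound as a parameter, never interpolated into the SQL text.
    $stmt = $db->prepare('SELECT id, email, password FROM users WHERE email = ? LIMIT 1');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();   // get_result() needs mysqlnd
    if (!$row) {
        return null;                             // unknown email
    }

    $stored = $row['password'];
    $isLegacyMd5 = (bool) preg_match('/^[0-9a-f]{32}$/i', $stored);
    $ok = $isLegacyMd5
        ? hash_equals(strtolower($stored), md5($password))   // constant-time compare
        : password_verify($password, $stored);
    if (!$ok) {
        return null;                             // wrong password
    }

    // Upgrade legacy or outdated hashes while the plaintext is available.
    if ($isLegacyMd5 || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $newHash = password_hash($password, PASSWORD_DEFAULT);
        $id = (int) $row['id'];
        $upd = $db->prepare('UPDATE users SET password = ? WHERE id = ?');
        $upd->bind_param('si', $newHash, $id);
        $upd->execute();
    }
    unset($row['password']);
    return $row;
}

// Stores the identity in the session; call before any output is sent.
function start_user_session(array $user): void
{
    session_start();
    session_regenerate_id(true);   // fresh session ID after login
    $_SESSION['email'] = $user['email'];
    $_SESSION['uID']   = (int) $user['id'];
}
```

On the following page, read `$_SESSION['uID']` after `session_start()` and bind it with `bind_param('i', ...)` in the same way rather than placing it inside the query string.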