Web Programming with PHP: 28 Checking if User Is Logged

login_action.php

<?php
session_start();

include "db.php";

$username = $_POST["username"];
$password = $_POST["password"];
$sql = "SELECT email, password FROM users WHERE email = '$username' and password = md5('$password')";
$result = mysql_query($sql, $link);

if($result == false) {
  echo '<a href="login.php">Error: cannot execute query</a>';
  exit;
}

$num_rows = mysql_num_rows($result);
if($num_rows == 1) {
  $_SESSION["login"] = "OK";
  $_SESSION["username"] = $username;
 $redirect = "private.php";
}
else
 $redirect = "login.php";

mysql_free_result($result);
mysql_close($link);

header("Location: $redirect");
?>

control.inc

<?php
  session_start();

  if(!(isset($_SESSION["login"]) && $_SESSION["login"] == "OK")) {
    header("Location: login.php");
    exit;
}
?>

private.php

<?php
  include "control.inc";
  include "header.php";
  include "menu.inc";
?>

<h1>Welcome!</h1>
<p>
<a href="exit.php">Exit</a>
</p>

<?php	
  include "footer.php";
?>

exit.php

<?php
  session_start();
  session_destroy();
  header("Location: login.php");
?>