Try this:
<?php
session_start();
include ("db_connect.php");
$errors = [];
// Assigning the variables
if ( isset($_POST['username']) && !empty($_POST['username']) ) {
$username = $_POST['username'];
} else {
$errors[] = "Username cannot be blank <br />";
}
if ( isset($_POST['password']) && !empty($_POST['password'])) {
$password = $_POST['password'];
} else {
$errors[] = "Password cannot be blank <br />";
}
if( isset($username) && isset($password) )
{
$password = sha1($password);
$queryget = mysql_query("SELECT * FROM users WHERE username="$username" AND password='$password'");
$numrows = mysql_num_rows($queryget) or die(mysql_error());
if($numrows != 0) {//if they can find it in the database
$_SESSION['username'] = $username; //starts the session
header("Location: members.php"); //log in
exit;
} else {
$error[] = 'Incorrect Username or password';
}
} else {
foreach ($errors as $error) {
echo $error . "<br />";
}
}
Hope this helps.