Don't leave your passwords laying around for others to find. MD5 has them into a database (or other storage) & compare the results.

======================================================

function login() {
	$err=2;
	if(isset($_POST['username'])) {
		$username=$_POST['username'];
		$err--;
	}
	if(isset($_POST['password'])) {
		$password=md5($_POST['password']);
		$err--;
	}
	if($err!=0) {
		die("Required fields were not supplied");
	}
	$query = "SELECT COUNT(*) FROM customer WHERE LOGINNAME ='{$username}' AND PASSWORD='{$password}';";
	$sql = mysql_query($query) or die(mysql_error());
}