Probably something like this. Forgive me if I made any typos. You might need to change some things to suit your needs. I am using $_GET['target'] to get the target's name. You can change the method to get the name though, it doesn't matter.
<?php
mysql_connect("localhost", "username", "password") or die(mysql_error());
mysql_select_db("members") or die(mysql_error());
$username = $_COOKIE['ID_my_site'];
$target = $_GET['target'];
$result = mysql_query("SELECT `location` FROM `users` WHERE `username` = '$username'") or die(mysql_error());
$row = mysql_fetch_row($result);
$mylocation = $row[0];
$result = mysql_query("SELECT `location` FROM `users` WHERE `username` = '$target'") or die(mysql_error());
$row = mysql_fetch_row($result);
$hislocation = $row[0];
IF ($mylocation == $hislocation) {
//they can attack
}
else {
//they can't attack
}
?>