php security and session variables

[script]

Alright guys heres what I'm trying to do.

I have a webpage, there are two text boxes, ones says username the other says password. I was the user to login and will have to use an if statment for that. The users name and password are stored in my database. Would I have to use a while() to go through every username till it found the right one or does php and mysql have a field search function?

Also after they are logged in I need to reuse their username and password a few times so they only need login once, whats the best and most secure way to do that using a session variable?

-script

[gmwebs]

This code answers all your questions... Feel free to ask questions if you don't understand something in the code...

[code]
<?php

// Convert POST data to simple variables
$username = $_POST['txtusername'];
$password = $_POST['txtuserpass'];

// Convert password to md5 hash
$password = md5($password);

// check if the user info validates the db
$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='1'"); //Always try not to use * if you can specify individual fields instead
$login_check = mysql_num_rows($sql);

if($login_check > 0){
while($row = mysql_fetch_array($sql)){
foreach( $row AS $key => $val ){
$$key = stripslashes( $val );
}
// Register some session variables!
session_register('user_name');
$_SESSION['user_name'] = $username;
session_register('userid');
$_SESSION['userid'] = $userid;
session_register('first_name');
$_SESSION['first_name'] = $first_name;
session_register('last_name');
$_SESSION['last_name'] = $last_name;
session_register('email_address');
$_SESSION['email_address'] = $email_address;
session_register('special_user');
$_SESSION['user_level'] = $user_level;
$_SESSION['basic_is_logged_in'] = true;

mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'");

}
}

?>
[/code]