I`m using user authentication against database driven values!
After the user has been verified I register Username and password as session variables!
The form looks like this!

<?php
session_start();

if ((!$_SESSION[username]) ¦¦ (!$_SESSION[password])) {

echo"
<HTML>
<HEAD>
<TITLE>My Login Form></TITLE>
</HEAD>

<FORM ACTION=\"login1.php\" METHOD=\"post\">

<table border=0>
<tr>
<td><strong>User name:</strong></td>
<td><input type=\"text\" name=\"username\"></td>
</tr>
<tr>
<td><strong>Password:</strong></td>
<td><input type=\"password\" name=\"password\"></td>
</tr>
<tr>
<td>
<input type=\"submit\" value=\"Validate Me\">
</td>
</tr>
</table>
</FORM>
</BODY>
</HTML>";
}
else
{ header("Location: menu.php");
}
?>

and in processing script I register username and password:-

<?php
session_start();

$conn = mysql_connect("localhost", "root") or die(mysql_error());

$db = mysql_select_db("database", $conn) or die(mysql_error());

$sql = "SELECT id FROM users WHERE user='$_POST[username]' and password=
'$_POST[password]'";

$result = mysql_query($sql) or die (mysql_error());
$row = mysql_fetch_array ( $result );

$id = $row["id"];
$username=$_POST["username"];
$password=$_POST["password"];

if (mysql_num_rows($result) == 1) {

session_register("id");
session_register("username");
session_register("password");

header("Location: menu.php");

}
else {
echo "You`re not authorized to see this page!";
echo "<p><a href=form.php>Please login!</a></p>";
}

?>

I carry on username and password as session variables and it works fine unless the PHP settings are set to display all warnings and errors!

Then after starting form.php (the most upper script)I get:

Notice: Use of undefined constant username - assumed 'username' in c:\apache\htdocs\iwa2003_12\form.php on line 4

Notice: Use of undefined constant password - assumed 'password' in c:\apache\htdocs\iwa2003_12\form.php on line 4

How do I get rid of this! It`s very important!
If my authentication system is bad could you suggest something else?