function login($username, $password)
// check username and password with db
// if yes, return true
// else return false
{
  // connect to db
  $conn = db_connect();
  if (!$conn)
    return false;

  // check if username is unique
  $result = mysql_query("select * from user 
                         where username='$username'
                         and passwd = password('$password')");
  if (!$result)
     return false;
    if (mysql_num_rows($result)>0)
     return true;
  else 
     return false;
}