I would just get the password from the db where username = $POST["username"]. Then check if the password is the password from the database, if it is $_SESSION["username"] = $username; , else exit("Wrong user/pw combination).
Code:
<?php
require("config.php");
$query = mysql_query("SELECT * FROM users WHERE username = '$_POST["uname"];");
$r = mysql_fetch_array($query);
if ($_POST["pass"] == $r["password"]) {
$_SESSION["username"] = $_POST["uname"];
echo "Logged in Successfully.";
} else {
echo "Wrong user / pw combination.";
}
?>