simple login php not working

Question

Created a simple login form but it doesnt seem to work.It always opens the admin page.

$username=$_POST["username"];
$password=$_POST["password"];

if(mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'",$con)){
session_start();
$_SESSION["username"]=$username;
$_SESSION["password"]=$password;
header('location:admin.html');
}
else{
echo "Login Failed.<a href=index.html>Re Login</a";
}

Need help.And here is the html part.

 <form method="post" id="loginform" action="validate.php">
<table>
    <tr>
        <td>
            <label>Username :</label>
        </td>
        <td>
            <input type="text" name="username"/>
        </td>
    </tr>
<br>
    <tr>
        <td>
            <label>Password :</label>
        </td>
        <td>
            <input type="password" name="password"/>
        </td>
    </tr>
<br>
    <tr>
        <td>
        <input type="submit" id="login" value="Log In" class="btn btn-primary"/>
        </td>
        <td>
            <input type="reset" id="reset" value="Reset" class="btn btn-primary"/>
        </td>
    </tr>
</table>

Need the working code in 2hrs else im dommed

Answer 1

mysql_query

For SELECT, SHOW, DESCRIBE, EXPLAIN and other statements returning resultset, mysql_query() returns a resource on success, or FALSE on error.

Use mysql_num_rows()

Retrieves the number of rows from a result set.

$result = mysql_query(mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'",$con));
$row = mysql_num_rows($result);
if ($row > 0) {
   header('location:admin.html');

} else {
echo "Login Failed.<a href=index.html>Re Login</a";

}

Note

Mysql is deprecated instead use mysqli or PDO

Don't store plain password into database use hashing technic

http://php.net/manual/en/function.password-hash.php

http://php.net/manual/en/faq.passwords.php

To prevent from sql injection check How can I prevent SQL injection in PHP??