PHP Login without redirect.

Question

Please assist. I have a login page that I want to basically do the following:

1.) Login Form (Username and Password) 2.) Use cookies, so if the user comes back they do not have to login 3.) When the user logs in, rather that redirect to another page, just refresh the current page, replacing the login form with a "Welcome "Username"" display.

I am very close, but I am getting an error at lines 83 and 84. It does show logged in successfully. ( $result = mysqli_query($conn,"SELECT * FROM phpfb_users WHERE user='".$username."' and password = '".$password."'"); $row = mysqli_fetch_array($result);)

Any ideas what I am missing. Also, this login script is being used within Joomla. I am not using Joomla Authentication, as the program I am running has its own login process.

<?
  session_start();

$subtitle="Login";
ob_start();
require("header2.php");
//Get any form data.
$football->WhoOnlineDelete;

$username=$_POST['username'];
$password=$_POST['password'];

if ($_POST)
{

    if ($username=="")
    {
                $football->ErrorMessage("Please enter a username.");
    }
        elseif ($password=="")
    {
                $football->ErrorMessage("Please enter your password.");
    }
      else
    {
//Verify the password and redirect to default page if correct.
     $sql="select * from ".$football->prefix."users where user = '".$username."'";
         $rs = $football->dbQuery($sql,$football->database);
         $row = mysql_fetch_object($rs);
         $rows = mysql_num_rows($rs);
      if($rows == 0)
      {
                $football->ErrorMessage("User '".$username."' not found.");
      }
      elseif (md5($password) != $row->password)
      {
                $football->ErrorMessage("Incorrect password, please reenter.");
      }
       else
      {

        $user=$row->user;
        if ($row->name =="") {
        $uname=$row->user;
        } else {
        $uname=$row->name;
        }
        $_SESSION['uname'] = $uname;
        $_SESSION['user'] = $user;

      }

    }


  }


//}
  else
{
//Set test cookie.
  setcookie("football","peanutbutter",0,"/",$football->domain,0);
}
?>
<div>
<div style="display:block;margin:0px auto;">
<?php if(empty($_SESSION["user"])) { ?>
<form name="loginform" action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="post">

 <div class="error-message"><?php if(isset($message)) { echo $message; } ?></div> 
 <div class="field-group">
  <div><label for="login">Username: </label>
  <input name="username" type="text" class="input-field">
 
<label for="password">Password:</label>
  <input name="password" type="password" class="input-field"> 
<input type="submit" name="login" value="Login" class="form-submit-button"></span></div>
 </div>       
</form>
<?php 
} else { 
 $result = mysqli_query($conn,"SELECT * FROM phpfb_users WHERE user='".$username."' and password = '".$password."'");
 $row  = mysqli_fetch_array($result);
?>
<form action="" method="post" id="frmLogout">
<div class="member-dashboard">Welcome <?php echo $user; ?>, You have successfully logged in!<br>
Click to <input type="submit" name="logout" value="Logout" class="logout-button">.</div>
</form>
</div>
</div>
<?php } ?>
</body>
<script type='text/javascript'>
      document.loginform.username.focus();
      document.loginform.username.select();
</script>