[PHP] Login systeem probleem

<?
header("Pragma: ");
header("Cache-Control: ");
header("Expires: Mon, 26 Jul 1980 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
//set global variables
global $username,$password;

//header("Pragma: no-cache");
// EDIT HERE TO SUIT YOUR NEEDS
//set usernames and passwords
//only letters and numbers (no spaces) Known as can contain spaces
$uname[1] = "demo"; 
$upass[1] = "demo";
$known_as[1] = "demouser";
//additional users can be added
//$uname[2] = "demo"; 
//$upass[2] = "demo";
//$known_as[2] = "demouser";


//the login page
$login_page = "index.php";
//where to go after login
$success_page = "1.php";
//the path to validate.php
$validate_path = "validate.php";
//login failed error message
$login_err = '<div align="center">Your User Name or Password was incorrect</b></div>';
//no fields filled in
$empty_err = '<div align="center"><b>You need to login with your User Name and Password</b></div>';
//something entered that wasn't a letter or number error message
$chr_err = '<div align="center"><b>Please retry</b></div>';
// DO NOT EDIT BELOW HERE

//if the form is empty and the cookie isn't set
//then display error message the return to login
    if($username == "" && $password == ""  && !isset($_COOKIE["this_cookie"])){
        print($empty_err);
        include($login_page);
        exit();
    }

//if the form is not empty and the cookie isn't set
//then make sure that only letters and numbers are entered
//if there are then display error message the return to login
    if($username != "" || $password != ""  && !isset($_COOKIE["this_cookie"])){ 
        if (preg_match ("/[^a-zA-Z0-9]/", $username.$password)){    
            print($chr_err);
            include($login_page);
            exit();
        }
    }

//if the cookie isn't set
if (!isset($_COOKIE["this_cookie"]) ){
$user_count = count($uname);
$user_exists = false;

// check through all the users to see if they exist
for ($i = 1; $i <= $user_count; $i++) {
    if ($uname[$i] == $username && $upass[$i] == $password){
    $user_id=$i;
    //$welcome_name = $known_as[$i];
    $user_exists = true;
    }
}

if(!$user_exists){
        print ($login_err);
        include($login_page);
        exit();
}

//if the login is correct then set the cookie
$cookie_val=crypt($uname[$user_id]);
//set the cookie so it dies when the browser is closed 
setcookie ("name", $known_as[$user_id], 0);
setcookie ("this_cookie", $cookie_val, 0);
header("Location: $success_page"); 
exit();
}

//if a user tries to access validate.php directly and they are logged in
if($REQUEST_URI == $validate_path){
echo "<html>\n<head>\n";
echo "<title>Yor are logged in</title>\n";
echo "</head>\n";
echo "<body bgcolor=\"white\">\n";
echo "You are logged in.   <a href=\"".$success_page."\">Continue</a>\n";
echo "</body>\n";
echo "</html>\n";

}

?>

<?
//if no cookie is set then display the form
if(!isset($_COOKIE["this_cookie"])){
echo '<div align="center"><form action="validate.php" method="post">';
echo 'username : <input type="text" name="username"><br><br>';
echo 'password : <input type="password" name="password"><br><br>';
echo '<input type="submit" value="login"></form></div>';
}else{
echo "You are already logged in.   <a href=\"1.php\">Continue</a>";
}
?>
    </td>
</tr>
</table>
</body>
</html>