No idea why I have ran it thru the validator. everything looks good except for it saying that my tags dont match and thats because they are in and out of php i think.

Code:
<?php 
  //clear error message
  $error_msg = "";
  
  //if user is not logged in attempt to log in
  if (!isset($_COOKIE['user_id'])){
    if (isset($_POST['submit'])){
      
      //connect to database
      $dbc = mysqli_connect('localhost', 'root', '', 'kickado')
        or die('Error connecting to MySQL server.');
            
      //grab login from form input
      $user_username = mysqli_real_escape_string($dbc, trim($_POST['user_name']));
      $user_password = mysqli_real_escape_string($dbc, trim($_POST['password']));
      
      if (!empty($user_username) && !empty($user_password)){
        //compare the input with whats stored in database
        $query = "SELECT user_id, user_name FROM kickado_user WHERE user_name = '$user_username' AND" . 
        "password = SHA('$user_password')";
        $data = mysqli_query($dbc, $query);
        
        if (mysqli_num_rows($data) == 1){
          //Log in is confirmed set cookies and redirect to home page
          $row = mysqli_fetch_array($data);
          setcookie('user_id', $row('user_id'));
          setcookie('username', $row('user_name'));      
          $home_url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/index.php';
          header('Location: ' . $home_url);
        }else {
          //username and password are incorrect display an error message
          $error_msg = 'Sorry, you must enter a valid username and password to log in';
        }
      }else {
         //username and password are blank display an error message
         $error_msg = 'Sorry, you must enter a valid username and password to log in';
      }      
    }    
  }
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

  <title>KickADo | Your 30 seconds to fame!</title>   
  <link type = "text/css"
      href = "sign_in.css"
      rel = "stylesheet" />
</head>
<body>

  <div id = "all">
  <?php include("header.php"); ?>
    <div id = "content">
    <?php
    //if the cookie is empty display error message and the form
    if (empty($_COOKIE['user_id'])){
      echo '<p>' . $error_msg . '</p>';
    ?>    
      <form method = "post" action = "<?php echo $_SERVER['PHP_SELF']; ?>" >
        <label>User Name</label>
        <input type = "text"
               id ="username"
               value = "<?php if (!empty($user_username)) echo $user_username; ?>" /><br />
        <label>Password</label>
        <input type = "password"
               id ="password" /><br />
        <input type = "submit"
               value = "login" />
      </form>
    </div>
  <?php include("footer.php"); ?>  
  </div>
  <?php
    }
else{
  //confirm login success
  echo ('<p class="login">You are logged in as' . $_COOKIE['username'] . '.</p>');
}
    ?>
</body>
</html>