No idea why I have ran it thru the validator. everything looks good except for it saying that my tags dont match and thats because they are in and out of php i think.
Code:
<?php
//clear error message
$error_msg = "";
//if user is not logged in attempt to log in
if (!isset($_COOKIE['user_id'])){
if (isset($_POST['submit'])){
//connect to database
$dbc = mysqli_connect('localhost', 'root', '', 'kickado')
or die('Error connecting to MySQL server.');
//grab login from form input
$user_username = mysqli_real_escape_string($dbc, trim($_POST['user_name']));
$user_password = mysqli_real_escape_string($dbc, trim($_POST['password']));
if (!empty($user_username) && !empty($user_password)){
//compare the input with whats stored in database
$query = "SELECT user_id, user_name FROM kickado_user WHERE user_name = '$user_username' AND" .
"password = SHA('$user_password')";
$data = mysqli_query($dbc, $query);
if (mysqli_num_rows($data) == 1){
//Log in is confirmed set cookies and redirect to home page
$row = mysqli_fetch_array($data);
setcookie('user_id', $row('user_id'));
setcookie('username', $row('user_name'));
$home_url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/index.php';
header('Location: ' . $home_url);
}else {
//username and password are incorrect display an error message
$error_msg = 'Sorry, you must enter a valid username and password to log in';
}
}else {
//username and password are blank display an error message
$error_msg = 'Sorry, you must enter a valid username and password to log in';
}
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>KickADo | Your 30 seconds to fame!</title>
<link type = "text/css"
href = "sign_in.css"
rel = "stylesheet" />
</head>
<body>
<div id = "all">
<?php include("header.php"); ?>
<div id = "content">
<?php
//if the cookie is empty display error message and the form
if (empty($_COOKIE['user_id'])){
echo '<p>' . $error_msg . '</p>';
?>
<form method = "post" action = "<?php echo $_SERVER['PHP_SELF']; ?>" >
<label>User Name</label>
<input type = "text"
id ="username"
value = "<?php if (!empty($user_username)) echo $user_username; ?>" /><br />
<label>Password</label>
<input type = "password"
id ="password" /><br />
<input type = "submit"
value = "login" />
</form>
</div>
<?php include("footer.php"); ?>
</div>
<?php
}
else{
//confirm login success
echo ('<p class="login">You are logged in as' . $_COOKIE['username'] . '.</p>');
}
?>
</body>
</html>
Before you post, read our: 
