Simple and short answer if you did the database table right.
$query = mysqli_query("SELECT * FROM users WHERE username = _SAFE_USERNAME_POST_ AND password = _SAFE_PASSWORD_POST_");
if (mysqli_num_rows($query) > 0)
{
}
else
{
}
or
$query = mysqli_query("SELECT password, id FROM users WHERE username = _SAFE_USERNAME_POST_");
if (mysqli_num_rows($query) > 0)
{
$result = mysqli_fetch_array($query);
if (_SAFE_PASSWORD_POST_ == $result['password'])
{
}
else
{
}
}
else
{
}
_SAFE_USERNAME_POST and _SAFE_PASSWORD_POST will be the variables whenever you are done with all the initial check ups and stripping/encoding.
ps. Check your code and rewrite it, many unnessesary things in there, also why is there a session_start in the middle of the script.