If i try to login with the script below without any username or password, it logs me in as a user that is already in the database! Cant see why it would do that though when it should just show an error... There is another page, but that is just a form with no predeffined values that will affect the form!
$sql_reg="select * from tbl_register where username='".$username."' and password='".$password."' and status='1'";
$fet=mysql_query($sql_reg) or die("The Following error occired: <br>".mysql_error());
Upon further review, are you sure that code runs without error? "password" is a reserved word in MySQL (the password() function), so I would expect your mysql_query() call to throw an error since you have not back-quoted the `password` column name.
"Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
~ Terry Pratchett in Nation