core.inc.php
<?php
// Bootstrap shared by every page: start output buffering, open the session,
// and capture two request values for later use.
// Buffering comes first, presumably so header() calls made after markup has been
// echoed (login.inc.php redirects with header('Location: ...')) still work.
ob_start();
// NOTE(review): the session cookie flags (HttpOnly, Secure, SameSite) and strict
// mode are whatever php.ini sets; nothing in this file configures them. Confirm.
session_start();
// Path of the executing script; login.inc.php prints it as the form's action.
$pagelocation=$_SERVER['SCRIPT_NAME'];
// The Referer header is optional and entirely client-supplied: null when absent,
// and never a basis for an access decision. Not used in the files shown here.
$http_referer=isset($_SERVER['HTTP_REFERER'])?$_SERVER['HTTP_REFERER']:null;
/**
 * Report whether the current session belongs to a logged-in user.
 *
 * A user counts as logged in when $_SESSION['user_id'] exists and is non-empty
 * by PHP's empty() rules, so 0, '0', '' and null all count as logged out.
 *
 * @return bool true when a non-empty user id is stored in the session
 */
function gjendja(){
    // empty() already returns true for an unset key, so no separate isset() is needed.
    return !empty($_SESSION['user_id']);
}
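/**
 * Fetch a single column of the logged-in user's row from `userlist`.
 *
 * Changes from the earlier version:
 *  - the table name was quoted as a string literal ('userlist'), which is not a
 *    valid table reference, so the query could never succeed;
 *  - $field is placed in identifier position where escaping cannot help, so it
 *    is now restricted to a plain identifier;
 *  - the session value is escaped before it is concatenated into the statement;
 *  - a legitimate falsy column value ('0', '') is returned instead of being
 *    reported as an error.
 *
 * NOTE(review): a fixed allowlist of readable columns would be tighter than the
 * identifier pattern (it would also stop a caller from reading `password`); the
 * schema is not visible here. ext/mysql was removed in PHP 7; the long-term fix
 * is PDO or mysqli with prepared statements.
 *
 * @param string $field column name to read, e.g. 'firstname'
 * @return string|null the column value, or null when the field name is rejected,
 *                     nobody is logged in, the query fails or no row matches
 */
function getuserfield($field){
    // Reject anything that is not a bare column name before building SQL.
    if(!is_string($field)||!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/',$field)){
        return null;
    }
    if(empty($_SESSION['user_id'])){
        return null;
    }
    // The id originates from the database at login, but it is still escaped so the
    // statement stays well-formed whatever ends up in the session.
    $user_id=mysql_real_escape_string((string)$_SESSION['user_id']);
    $query="SELECT `$field` FROM `userlist` WHERE `id`='".$user_id."'";
    $query_run=mysql_query($query);
    if($query_run===false){
        // As before, a failed query is silent and yields null.
        return null;
    }
    if(mysql_num_rows($query_run)<1){
        // As before, 'error' is printed when there is no value to return.
        echo 'error';
        return null;
    }
    $query_result=mysql_result($query_run,0,$field);
    if($query_result===false){
        echo 'error';
        return null;
    }
    return $query_result;
}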
?>
index.php
<?php
require_once 'core.inc.php';
require_once 'connect.inc.php';
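// Landing page: greet a logged-in user by first name, otherwise show the login form.
if(gjendja()){
    echo 'Welcome.<a href="logout.php">LogOut</a>';
    // firstname is stored user data, so encode it for the HTML context before
    // printing; otherwise markup saved in that column would be rendered by the
    // browser. The cast covers the null that getuserfield() returns on failure.
    echo htmlspecialchars((string)getuserfield('firstname'),ENT_QUOTES,'UTF-8');
}else{
    include_once 'login.inc.php';
}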
?>
login.inc.php
<?php
require_once 'core.inc.php';
require_once 'connect.inc.php';
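// Handle a submitted login form. When exactly one `userlist` row matches the
// username and password hash, its id is stored in the session and the browser is
// redirected to index.php; otherwise a generic failure message is printed.
// is_string() rejects array-valued parameters (username[]=...) before they reach
// md5() or the escaping function.
if(isset($_POST['username'],$_POST['password'])&&is_string($_POST['username'])&&is_string($_POST['password'])){
    $username=$_POST['username'];
    $password=$_POST['password'];
    if(!empty($username)&&!empty($password)){
        // NOTE(review): unsalted MD5 is not a password hash; it is kept here only
        // because the stored values in `userlist` are MD5 and changing it alone
        // would lock every user out. Migrate to password_hash()/password_verify()
        // and rehash each account on its next successful login.
        $password_hash=md5($password);
        // The username comes straight from the request and was previously
        // concatenated into the statement unescaped. ext/mysql has no prepared
        // statements, so escape it with the connection's own routine.
        // NOTE(review): escaping depends on the connection charset
        // (mysql_set_charset); move to PDO/mysqli prepared statements when possible.
        $safe_username=mysql_real_escape_string($username);
        $query="SELECT `id` FROM `userlist` WHERE `password`='$password_hash' AND `username`='$safe_username'";
        if($query_run=mysql_query($query)){
            if(mysql_num_rows($query_run)===1){
                // Issue a fresh session id at the privilege change so an id that was
                // known before authentication is not carried into the logged-in session.
                session_regenerate_id(true);
                $_SESSION['user_id']=mysql_result($query_run,0,'id');
                header('Location: index.php');
                // Stop here: without exit the rest of the page would still be
                // rendered and sent along with the redirect.
                exit;
            }
            // Zero rows, or an unexpected duplicate match, is treated as a failed
            // login with the same generic message.
            echo 'INVALID PASSWORD/USERNAME';
        }
    }
    // NOTE(review): no attempt throttling or lockout is visible in this file.
}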
?>
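<?php
// Login form, posting back to the current script. $pagelocation is set in
// core.inc.php from $_SERVER['SCRIPT_NAME']; it is encoded for the attribute
// context so a quote or angle bracket in the path cannot break out of action="".
?>
<form action="<?php echo htmlspecialchars($pagelocation,ENT_QUOTES,'UTF-8');?>" method="POST">
Username:<input type="text" name="username"><br><br>
Password:<input type="password" name="password">
<input type="submit" value="LogIn">
</form>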

