<?php

  if(count($_POST)>0 && $captcha == true) {
  	$username = mysqli_real_escape_string($con, $_POST["username"]);
  	$password = mysqli_real_escape_string($con, $_POST["password"]);
  	$username = htmlentities($username);
  	$password = htmlentities($password);
  	$save_passw = sha1($password);

   $stmt = $con->prepare("SELECT * FROM users WHERE username = ? AND password='$save_passw' AND active='1'");
   $stmt->bind_param("ss", $username, $password);
   $stmt->execute();
   $stmt->store_result();

   $stmt->bind_result($username, $password);
   $stmt->fetch();