You didnt tell exactly where is your problem.
now check
1. in login.inc.php file there is
if(isset($_POST['username']) && isset($_POST['password'])){
$username=$_POST['username'];
$password=$_POST['password&'];
2. With your query your system can be easily hacked. learn about mysql_real_escape_string function
3. in your log in i can see a semicolon infront of root
4. I can see ob_start but I dont see ob_end_flush() //this is not related with failure.
Finally you better provide more information