ok lets say you go to my game and sign in to the game
ok me being that its my game im admin well if i logout when some one goes to the page all they need to do is hit play and they in the game under my account so it keeps you logged in the game at all times
I have no idea what the problem is. It none of those files does it set the $id variable. Although it uses it through the html.php file. Possibly attach setup.php file also. The only thing that I saw for user authentication was if the username and password were both set. Then it checked for a match via the database. It only set one cookie after that which to be honest, I have no reason why it did that. It set the 'code' held in the database in the cookie. First off, this is a bad procedure because many people could by pass this if they knew this 'code'. Anyways, I need to figure out where the $id variable is being set and setup.php is the only file I think that would have a possibility at this point, unless there are more files included in the setup.php file.
By the way, this script is full of SQL injection. If I were you I would pay a programmer or go through all the files yourself and try to fix those problems. You could run into a problem depending on your php installation. :(