Ciao! Prima vi posto il codice, poi vi dico il problema!

file index.php: javascript e form
codice:
<script src="include/jquery-1.4.3.min.js" type="text/javascript" language="javascript"></script>
<script language="javascript">
$(document).ready(function()
{
	$("#login_form").submit(function()
	{
		//remove all the class add the messagebox classes and start fading
		$("#msgbox").removeClass().addClass('messagebox').text('Validating....').fadeIn(1000);
		//check the username exists or not from ajax
		$.post("login.php",{ username:$('#username').val(),password:$('#password').val(),rand:Math.random() } ,function(data)
        {
		  if((data)=="YES") //if correct login detail
		  {
		  	$("#msgbox").fadeTo(200,0.1,function()  //start fading the messagebox
			{ 
			  //add message and change the class of the box and start fading
			  $(this).html('Logging in.....').addClass('messageboxok').fadeTo(900,1,
              function()
			  { 
			  	 //redirect to secure page
				 document.location='#';
			  });
			  
			});
		  }
		  else
		  {
		  	$("#msgbox").fadeTo(200,0.1,function() //start fading the messagebox
			{ 
			  //add message and change the class of the box and start fading
			  $(this).html('Your login detail sucks...').addClass('messageboxerror').fadeTo(900,1);
			});		
          }
				
        });
 		return false; //not to post the  form physically
	});
	//now call the ajax also focus move from 
	$("#password").blur(function()
	{
		$("#login_form").trigger('submit');
	});
});
</script>
form:
codice:
        <form method="post" action="" id="login_form">
            <input name="username" type="text" id="username" value="" />
            <input name="password" type="password" id="password" value="" />
            <input type="submit" name="button" id="button" value="Submit" /> 
	        Hai dimenticato la password? | 
            Registrati
        </form>
login.php
Codice PHP:
<?php session_start();

include("include/config.php"); 
$connect mysql_connect(HOST_DBUSER_DBPASS_DB) or die("Connessione non riuscita");
mysql_select_db(NAME_DB,$connect) or die("Selezione del database non riuscita");
//get the posted values
$user $_POST['username'];
$pass $_POST['password'];

//now validating the username and password
$sql "SELECT * FROM users WHERE uname = ".$user." AND pword = ".$pass."";
$results mysql_query($sql);
$row mysql_fetch_array($results);

//if username exists
if(mysql_num_rows($results) == 1) {
    echo "YES";
    $_SESSION['u_name']=$user_name
} else {
    echo "NO"//Invalid Login
}
?>
la condizione data==yes non è mai vera, come mai? non me ne intendo tanto di js infatti non capisco come un echo true possa assegnare un valore a "data"..