a parte che sono dei notice e non errori,

ti dice che stai utilizzando valori inesistenti.
<?
if(isset( $_POST['invia'])) {

$user = $_POST['user'];
$email = $_POST['email'];
$password = $_POST['password'];
$invia = $_POST['invia'];

if ((!empty($user)) && (!empty($email)) && (!empty($password))) {
$user_sec = htmlentities($user, ENT_QUOTES);
$email = $_POST["email"];
$password = crypt ($password, 'cj');
$res = @mysql_query("SELECT * FROM users WHERE user = '".$user_sec."' AND email = '".$email."' AND password = '".$password."'");
if (@mysql_num_rows($res) != 0) {
$db_data = @mysql_fetch_assoc($res);
$id = $db_data["id"];
$user = $db_data["user"];
$password = $db_data["password"];
$email = $db_data["email"];
$lastseen = date ("Y-m-d G:i:s");
@mysql_query("UPDATE users SET LASTSEEN = '$lastseen' WHERE id = '$id'");
@setcookie("auth[0]", "$user", time()+36000);
@setcookie("auth[1]", "$password", time()+36000);
@header ("location: home.php");
} else $err_msg = "Username e/o Password errati!";
}

} ?>