<? session_start();ob_start();include 'db.php';if(isset($_POST['submit']))

1. <? session_start();
2. ob_start();
3. include 'db.php';
4. if(isset($_POST['submit'])){
5.  
6. $user = $_POST['user'];
7. $pass = $_POST['passwd'];
8. $result = mysql_query("select id from members where user='" .$user. "' and pass = '" .$pass. "'", $db);
9. $_SESSION['sess_id'] = mysql_result($result, 0, 'id');
10. $_SESSION['sess_user'] = $_POST['user'];
11. header("Location: admin.php");
12. exit;
13. }
14. if (isset($_GET['logout'])) {
15. session_unset();
16. session_destroy();
17. header("Location: index.php");
18. exit; }
19. ?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">