Untitled

<html>
<body>
<?php
require_once("Config.php");
/*
Second modification.
Please, for the love of all things nice, use tab spacing for indenting, not
regular old spaces.
*/
ob_start();
if(!isset($_SESSION['ID'])){
	echo '<form action="logintest.php" method="post">
	Username:<input type="text" name="user" /><br />
	Password:<input type="password" name="pass" /><br />
	<input type="Submit" value="Login" />
	</form><br />'; //No need for 3 elots of echo. Speed issues, tiny, but they add up in long code.
}
$user = mysql_real_escape_string($_POST["user"]); // Just the simplest of *many* filters.
$pass = md5($_POST["pass"]); // Make DataBase correspond, means you don't need any filtering, either.
$result = mysql_query("SELECT Password FROM login WHERE Username = '$user'") or die('No such user');
$row = mysql_fetch_assoc($result);
$passtest = $row["Password"];
if($row == false){
	echo "Incorrect Username or password<br />" ; // Don't want to be giving too much away, do we now?
}
else if($pass == $passtest){
	$login=true;
	echo "Logged In successfully"; // You won't see this...
	$query = mysql_query("SELECT * from login WHERE Username = '$user'") or die(mysql_error);
	$row = mysql_fetch_assoc($query);
	$status = $row["Status"];
	if($status == 1){
//		echo "<br />You are admin"; This won't even be seen!
		header("Location:admin.php");
		$_SESSION['ID'] = 1;
	}else{
		$_SESSION['ID'] = 0;
		header("Location:admin.php");
	}
}else{
	echo "Incorrect Username or password<br />" ; // This is the reason for above.
}
mysql_close($con); // This should go in a config, too.
?>
</body>
</html>