<?phpinclude "../includes/config.php";session_start();if(!isset($_SESSION[

1. <?php
2. include "../includes/config.php";
3. session_start();
4. if(!isset($_SESSION['admin'])){
5.     if(isset($_POST['submitted'])){
6.         $user = mysql_real_escape_string(stripslashes($_POST['user']));
7.         $pass = md5($_POST['pass']);
8.         $query = mysql_query("SELECT * FROM `users` WHERE `user` = '".$user."' AND `pass` = '".$pass."'") or die(mysql_error());
9.         if ($query) {
10.             $_SESSION['admin'] = $user.$pass;
11.             echo "Login successful.";
12.         } else {
13.             echo "There was an error when you tried to login. Please don't refresh the page. This may just be a fluke.";
14.         }
15.     } else {
16.         echo "<form action='' method='post'>
17.         Username: <input type='text' name='user' /><br />
18.         Password: <input type='password' name='pass' /><br />
19.         <input type='submit' name='login' value='Login' />
20.         <input type='hidden' name='submitted' value='true' />";
21.     }
22. } else {
23.     echo "You're already logged in.";
24. }
25. ?>