Untitled

<?php
ob_start();
?>
<html>
<body>
<?php
require_once("config.php");
if(!isset($_SESSION['ID'])){
	echo('<form action="logintest.php" method="post">');
	echo('Username:<input type="text" name="user" /><br />');
	echo('Password:<input type="password" name="pass" /><br />');
	echo('<input type="Submit" value="Login" /></form><br />');
}
$user = mysql_real_escape_string($_POST["user"]); // Just the simplest of *many* filters.
$pass = $_POST["pass"]; // Make DataBase correspond, means you don't need any filtering, either.
$result = mysql_query("SELECT Password FROM login WHERE Username = '$user'") or die('No such user');
$row = mysql_fetch_assoc($result);
var_dump($row);
$passtest = $row["Password"];
if($pass==$passtest){
		$query = mysql_query("SELECT * FROM login WHERE Username = '$user'") or die(mysql_error);
        $row = mysql_fetch_assoc($query);
		$status = $row["Status"];
		var_dump($row);
		if(isset($status) && $status==5){
            $_SESSION['ID']=1;
			header("Location:admin.php");
        }else if(isset($status) && $status==0){
			$_SESSION['ID']=0;
            header("Location:shits.php");
        }
}
else
{
	echo("Wrong Password/Username <br />");
}
mysql_close($con); // This should go in a config, too.
ob_flush();
?>
</body>
</html>