Untitled

THIS IS THE AUTHENTICATION SCRIPT

<?php
session_start(); // Start a new session


// Get the data passed from the form
$username = $_POST['user'];
$password = $_POST['pass'];

// Do some basic sanitizing
$username = stripslashes($username);
$password = stripslashes($password);

$sql = "select * from user where username = '$username' and password = '$password'";
$result = mysql_query($sql) or die ( mysql_error() );

$count = 0;

while ($line = mysql_fetch_assoc($result)) {
	 $count++;
}

if ($count == 1) {
	 $_SESSION['loggedIn'] = "true";
	 header("Location: ../admin.php"); // This is wherever you want to redirect the user to
} else {
	 $_SESSION['loggedIn'] = "false";
	 header("Location: ../index.php"); // Wherever you want the user to go when they fail the login
}

?>

THE ADMIN AREA
<?php
session_start();
if ($_SESSION['loggedIn'] != "true") {
	header("Location: admin.php");
}

<!DOCTYPE html>
<html lang="en">
<head>
<title>Japanese Proverbs</title>
<meta charset="utf-8">
<link rel="stylesheet" type="text/css" href="style.css" />
<script language="javascript" src="js/jquery.js"></script>
<script language="javascript" src="js/tweet.js" type="text/javascript"></script>
<script type="text/javascript" src="js/vote.js"></script>
<script type="text/javascript" src="js/contact.js"></script>
 <script language="javascript">
    $(function() {
		$("document").ready(function() {
			$(".tweet").tweet({
            username: "japaneseprov3rb",
            avatar_size: 32,
            count: 3,
            loading_text: "loading tweets..."
        });
		})
		//handles the showing and hiding submit div
		$(".showsubmission").click(function() {
			$("#submit_proverb").toggle('slow');
		})
		$("#submitbutton").click(function() {
			$("#submit_proverb").hide('fast');
			$('#submit_success').show('fast');
			setTimeout(function () {$('#submit_success').hide('slow');
			}, 60000);
		})
		//voting
		$('.up_click').click( function() { $.post('include/vote.php', { id: $(this).parent().data('post'), vote: 'up' }) });


})
</script>

</head>
<body>
<div class="top_status"><div id="submit_success">Proverb has been submitted</div></div>
<div id="wrapper">
	<div id="header">
	<?php include("include/header.php"); ?>
		<div id="menu">
			<?php include("include/menu.php"); ?>
		</div>
	</div>
	<div id="content">
    	<div id="submit_proverb">
		<p>Submit a proverb. All proverbs will be reviewed and approved by a moderator.</p>
    	  <form method="post" action="include/insert.php">
    	    <label for="proverb"></label>
    	    <input name="proverb" type="text" id="proverb2" size="60">
            <input type="submit" value="Submit" id="submitbutton">
    	  </form>
    	</div>

   <table width="600" border="1" align="center">
  <tr>
    <th width="80" scope="col">Proverb ID</th>
    <th width="326" scope="col">Submission</th>
    <th width="74" scope="col">Approve</th>
  </tr>

<?php

// Grabbing all of the unapproved proverbs
$result = mysql_query("SELECT * FROM proverb WHERE statusid=0 ORDER BY rating DESC LIMIT 10") or die (mysql_error());

while($row = mysql_fetch_array($result)) {
$id =$row['ProverbID'];
$rating = $row['Rating'];
echo "<tr><td>" . $id . "</td>";
//If malicious input somehow passes input validation, htmlspecialchars function is used to strip output
echo "<td>" . $row['Message'] . "</td>";
echo "<td><a href=\"include/do_approve.php?id=$id\" name=\"id\">Approve</a></td></tr>";
}


?>

</table>

<p><a href="include/logout.php">Logout</a>


	</div>
	<div id="footer">
		<?php include("include/footer.php"); ?>
  </div>

<?php include("include/contact.php"); ?>

</div>
</body>
</html>