All user/ pages require authentication against database users.

includes/login.inc

@@ -1,9 +1,6 @@
 <?php
-if (!$_COOKIE['session'] && ($_POST['do'] !== "authenticate")) {
-	echo "Please login:";
-	include "login_form.inc";
-	break;
-} else {
+if ( $_COOKIE['session'] ) { // Do nothing
+} else if ($_POST['do'] == "authenticate") {
 	require "dbconnect.php";
  
 	$sql = "SELECT id,username FROM users WHERE username='$_POST[username]' and password=PASSWORD('$_POST[password]')";
@@ -13,7 +10,7 @@ if (!$_COOKIE['session'] && ($_POST['do'] !== "authenticate")) {
 
 	if (mysql_num_rows($result) === 1) {
 		unset($_POST['do']);
-		$_COOKIE['session'] = 1;
+		$_COOKIE['session'] = '1';
 		setcookie('session',$_COOKIE['session']);
 	} else {
 		unset($_POST['do']);
@@ -22,5 +19,9 @@ if (!$_COOKIE['session'] && ($_POST['do'] !== "authenticate")) {
 		include("login_form.inc");
 		break;
 	}
+} else {
+        echo "Please login:";
+        include "login_form.inc";
+        break;
 }
 ?>

user/edit.php

@@ -1,6 +1,7 @@
 <?php
 require "../includes/htmlcode.php";
 start_html("Find post to edit");
+include "../includes/login.inc";
 ?>
 
 <h1>Find post to edit</h1>

user/editpost.php

@@ -6,6 +6,8 @@ require "../includes/dbconnect.php";
 require "../includes/htmlcode.php";
 
 start_html("Edit post");
+include "../includes/login.inc";
+
 print "<h1>Edit post</h1>";
 
 $query = "SELECT * FROM blog WHERE date='$_GET[date]' AND title='$_GET[title]'";

user/index.php

@@ -1,6 +1,7 @@
 <?php
 require "../includes/htmlcode.php";
 start_html("simlog user interface");
+include "../includes/login.inc";
 ?>
 
 <h1>simplog user interface</h1>

user/updatepost.php

@@ -6,6 +6,7 @@ require "../includes/dbconnect.php";
 require "../includes/htmlcode.php";
 
 start_html("Post updated");
+include "../includes/login.inc";
 
 
 $query = "UPDATE blog SET date='$_POST[date]', title='$_POST[title]',