Using session to determine user login permissions of is super simple

As shown below:

<form action="#" method=post>
 User name: <input type=text name=user><br>
 The secret    Code:  <input type=password name=pwd><br>
<input type=submit name=sbumit value= submit >
<input type=reset name=reset value= reset >
<?
session_start();
$_SESSION["user"]=$_POST[user];
$_SESSION["password"]=$_POST[pwd];
if($_SESSION[user]==""){
 echo "<mce:script type="text/javascript"><!--
alert(' User name cannot be empty! ');
// --></mce:script>";
}
if($_SESSION["user"]=="admin"){
 echo " Current login: System administrator <br><a href='users_manage.php'> User management </a>";
}else{
 echo" Current login: ".$_SESSION[user]."<br><a href='album.php'> My photo album </a>";
}
?>