:
login.php, , . login.php. ( = 'login.php'). , , .
, , ($_POST['user']) . , $_SESSION :
$_SESSION['username'] = $_POST['user'];
, login.php :
echo 'header("login.php")'; //You should not have echoed anything before this
login.php , . , , inbox.php,
include ("login.php")
Now login.php will check if the 'user' session variable is set and allow access only to authorized users.