Security
1. Authentication/Login (must be HTML form) (including salting/hashing) (2 pts)
2. Session management (including check session/ destroy) (2 pts)
3. Sanitization (1 pts)
Authorization
1. Role management on all pages (including unauthorized page).
2. Provide at least 2 roles (admin, user)