You are using the wrong access rule on the admin.php page. That access rule is for the login page to show a success message when you aren't redirecting to another page.
You should be using the MySQLi Restrict Access to page server behavior with the "authenticate" Authentication on the admin page. The FTP information you gave me doesn't seem to allow me to upload a page, but the code should look like this:
<?php require_once('webassist/mysqli/authentication.php'); ?>
<?php
if (true) {
$RestrictAccess = new WA_MySQLi_Auth();
$RestrictAccess->Action = "restrict";
$RestrictAccess->Name = "authenticate";
$RestricAccessRedirect = "user/login.php";
if (function_exists("rel2abs")) $RestricAccessRedirect = $RestricAccessRedirect?rel2abs($RestricAccessRedirect,dirname(__FILE__)):"";
$RestrictAccess->FailRedirect = $RestricAccessRedirect;
$RestrictAccess->execute();
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Admin page - Secure page!</title>
</head>
<body>
<h3>This is a secured page</h3>
<h3><a href="user/logout.php">Logout</a></h3>
</body>
</html>