I have these two functions in a class:

    class admin {
        function SessionClear() {
            $_SESSION = array();
            unset($_COOKIE[session_name()]);
            session_destroy();
            $time = time();
            header("Location: http://".$_SERVER["SERVER_NAME"].$_SERVER["PHP_SELF"]."?ref=1&cache_defeat=$time");
            exit;
        }

        function Authenticate() {
            define("HTTP_AUTH_REALM", "123");
            session_start();
            if (!isset($_SESSION["uid"])) {
                if (!isset($_COOKIE['login_attempts'])) {
                    unset($_SERVER['PHP_AUTH_USER']);
                    setcookie('login_attempts', 1, time()+300);
                    echo $_COOKIE['login_attempts']."121212";
                }
                if (!isset($_SERVER['PHP_AUTH_USER'])) {
                    header("WWW-Authenticate: Basic realm=\"".HTTP_AUTH_REALM."\"");
                    header("HTTP/1.0 401 Unauthorized");
                    echo("This is for authorized users only.");
                    exit;
                }
                if ($_SERVER['PHP_AUTH_USER'] != 'u' || $_SERVER['PHP_AUTH_PW'] != 'p') {
                    echo("This is for authorized users only.");
                    exit;
                }
            }
        }
    }

It doesn't seem to work correctly.
I call it like this, in every protected page:

    $aa = new Admin();
    $aa->Authenticate();

It asks for the password the first time, but it never refreshes the internal time. When 300 seconds pass, it requires login again.
When a user hits logout:

    $aa->SessionClear();

It never logs out.
How can I make this work with session control?
It seems to work only with cookies, and again not correctly.
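
An added example, not part of the original post: a session-based login with a sliding 300-second idle timeout and a logout that actually ends the session. It swaps HTTP Basic for a POSTed login form, because browsers cache Basic credentials and resend them on every request; `IDLE_LIMIT`, the `last_seen` key, the `user`/`pass` field names and `checkCredentials()` are assumptions made for illustration.

```php
<?php
// Added example (not the poster's code). Names below are illustrative assumptions.
const IDLE_LIMIT = 300; // seconds, the window used in the question

// Verify against a stored password hash; password_verify() is timing-safe.
function checkCredentials(string $user, string $pass, array $users): bool
{
    $hash = $users[$user] ?? '';
    return $hash !== '' && password_verify($pass, $hash);
}

// Call at the top of every protected page, before any output is sent.
function requireLogin(array $users): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) session_start();
    $now = time();
    // Drop server-side state after IDLE_LIMIT seconds without a request.
    if (isset($_SESSION['uid']) && $now - ($_SESSION['last_seen'] ?? 0) > IDLE_LIMIT) {
        $_SESSION = [];
        session_regenerate_id(true);
    }
    if (!isset($_SESSION['uid'])) {
        $user = $_POST['user'] ?? '';
        $pass = $_POST['pass'] ?? '';
        if (!is_string($user) || !is_string($pass)
            || !checkCredentials($user, $pass, $users)) {
            http_response_code(403);
            exit('This is for authorized users only.');
        }
        session_regenerate_id(true); // fresh id at login blocks session fixation
        $_SESSION['uid'] = $user;
    }
    $_SESSION['last_seen'] = $now; // updated on every request: sliding window
}

function logout(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) session_start();
    $_SESSION = [];
    // unset($_COOKIE[...]) only edits the local array; the browser's copy
    // is removed by sending an already-expired cookie with the same params.
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600,
              $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}

// Constructed sample user table: $users = ['u' => password_hash('p', PASSWORD_DEFAULT)];
```

The timestamp lives in `$_SESSION`, so the client cannot extend or reset it, and a cookie set with `setcookie()` is not visible in `$_COOKIE` until the next request.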