Hi, guys!
I'm trying to develop a protected area for a website... just a few page to let a small forum administrator to check/delete message, view a list of the users in the DB. I have set a table in the db where are administrator username and psw. In the first page I have a login form. I guess I have to open a session to keep "in mind" administrator data after login while he goes through the other pages.
This is the code:
login.php file
<?php
session_start();
if(IsSet($sent))
// $sent is the submit button name
{
$adPass = $POST['adPass'];
$adName = $POST['adName'];
session_register('adName');
$_SESSION['adName'] = $adName;
//Then all the stuff about db check//
if($num_rows == 1) {
$array = mysql_fetch_array($result);
header("Location: admin_pane.php");
exit();
}
else {
session_destroy();
exit();
}
admin_pane.php
<?php
session_start();
if($adName=="")
{
print "Access denied, you need to login!";
session_destroy();
exit();
}
?>
<html>
...... here's all the code for the administrator control pannel
</html>
Every thing seems to work nice but if I colse the browser after I have logged in and I reopen it I can access admin_pane.php without login (actually in the temporary session file the variable value is still there). The only solution is a Logout button?! I read somewhere on the Internet that the session should end when I close the browser. I've messed up... would somebody help me?
Thanks for reading my long post!
T.
😕 😕 😕 😕 😕 😕
