So I'm using a login script to verify a user/pass. If the user/pass is valid, it sets some session vars as well as stores them in cookies. It then redirects to the main page of the directory.
if(($_POST["admin_user"] == "useruser") && ($_POST["admin_pass"] == "passpass")){
$_SESSION["admin_user"] = $_POST["admin_user"];
$_SESSION["admin_pass"] = $_POST["admin_pass"];
if(isset($_POST["cookieme"])){
setcookie('admin_user',$_POST["admin_user"],time()+7*24*3600);
setcookie('admin_pass',$_POST["admin_pass"],time()+7*24*3600);
}
header("Location: h--p://www.dbarbour.com/admin/index.php");
}
After logging in to my site, I check the cookies and the cookies appear to be stored just fine. Now, each page I want to protect executes the following:
function is_admin_user(){
if(isset($_SESSION["admin_user"]))
if(($_SESSION["admin_user"] == "useruser") && ($_SESSION["admin_pass"] == "passpass"))
return 1;
else if(isset($_COOKIE["admin_user"])){
if(($_COOKIE["admin_user"] == "useruser") && ($_COOKIE["admin_pass"] == "passpass")){
$_SESSION["admin_user"] = $_COOKIE["admin_user"];
$_SESSION["admin_pass"] = $_COOKIE["admin_pass"];
return 1;
}
}
else
return 0;
}
However, after ending the session, the code doesn't log me in with the cookies when I try to access a protected page as it should (at least as I see it). Am I doing something incorrect?
I'm protecting the pages with the following:
if(is_admin_user());
else
header("Location: h--p://www.dbarbour.com/admin/login.php");
