Hey.
I have this code to do a simple protect on a couple of pages....
<?
$user_passwords = array (
"demo" => "demo"
,"demo2" => "demo"
);
$logout_page = "cp-logout.php";
$login_page = "cp-login.php";
$invalidlogin_page = "cp-invalidlogin.php";
if ($action == "logout")
{
Setcookie("logincookie[pwd]","",time() -86400);
Setcookie("logincookie[user]","",time() - 86400);
include($logout_page);
exit;
}
else if ($action == "login")
{
if (($loginname == "") || ($password == ""))
{
include($invalidlogin_page);
exit;
}
else if (strcmp($user_passwords[$loginname],$password) == 0)
{
Setcookie("logincookie[pwd]",$password,time() + 86400);
Setcookie("logincookie[user]",$loginname,time() + 86400);
}
else
{
include($invalidlogin_page);
exit;
}
}
else
{
if (($logincookie[pwd] == "") || ($logincookie[user] == ""))
{
include($login_page);
exit;
}
else if (strcmp($user_passwords[$logincookie[user]],$logincookie[pwd]) == 0)
{
Setcookie("logincookie[pwd]",$logincookie[pwd],time() + 86400);
Setcookie("logincookie[user]",$logincookie[user],time() + 86400);
}
else
{
include($invalidlogin_page);
exit;
}
}
?>
What is not happening is when I close the page after logging in, it does not prompt me to login again. It seems like the cookie never expires. I want when the browser closes and you go to the page again it will ask you to login again.
If you could help with this it would be much appreciated.
Also, I have a user login and a admin login, but when put this same code in two different files it allows people who logged in through the user login to view the admin protected area. Why is it doing that?
Thanks,
Andrew
