Session Help

[LemonInflux]

Ok, I've been looking into sessions for a website I'm doing (flat, again), and I need help with how I would go about writing a code that cancels the session when a visitor leaves the site. Here is my (flat) authentication code:

 

<?php

error_reporting(0);

session_start();

// authenticate username/password
// returns: -1 if user does not exist
//           0 if user exists but password is incorrect
//           1 if username and password are correct
function auth($user, $pass){

$result = -1;

if((trim($user) != "") && (trim($pass) != "")){

// make sure that the script has permission to read this file!
$data = file("users.db.php");

// iterate through file
foreach ($data as $line){

  $arr = explode(" | ", $line);

  // if username matches
  // test password
  if($arr[0] == $user){
   
   // if match, user/pass combination is correct
   // return 1
   if($arr[1] == $pass){
    $result = 1;
    break;
   }else{
    // otherwise return 0
    $result = 0;
    break;
   }
  }
}
}

// return value
return $result;
}

// Check if Sessions have exist or else see if any var's are posted
if(!isset($_SESSION["SESSION_UNAME"]) && !isset($_SESSION["SESSION_UPASS"])){
$f_user = $_POST['f_user'];
$f_pass = md5($_POST['f_pass']);
}else{
$f_user = $_SESSION["SESSION_UNAME"];
$f_pass = $_SESSION["SESSION_UPASS"];
}

if($_GET['logout'] == "true"){
$f_user = "";
$f_pass = "";
session_unset();
session_destroy();
header("Location: ?");
}

if(auth($f_user, $f_pass) == 1){
$_SESSION["SESSION_UNAME"] = $f_user;
$_SESSION["SESSION_UPASS"] = $f_pass;
}else{
echo <<<HTML
<html>
<head><style type='text/css'>
<!--
select, option, textarea, input {
BORDER: #808080 1px solid;
COLOR: #000000;
FONT-SIZE: 11px;
FONT-FAMILY: Verdana; BACKGROUND-COLOR: #ffffff
}

input[type=submit]:hover, input[type=button]:hover{
background-color:#ebebeb !important;
}

a:active,a:visited,a:link {color: #446488; text-decoration: none; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 8pt;}
a:hover {color: #00004F; text-decoration: none; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 8pt; }
a.nav:active, a.nav:visited,  a.nav:link { color: #000000; font-size : 10px; font-weight: bold; font-family: verdana; text-decoration: none;}
a.nav:hover { font-size : 10px; font-weight: bold; color: black; font-family: verdana; text-decoration: underline; }
.bborder        { background-color: #FFFFFF; }
.panel                {-moz-border-radius: .3em .3em .3em .3em; border: 1px dotted silver; background-color: #F7F6F4;}
BODY, TD, TR {text-decoration: none; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 8pt; cursor: default;}
-->
</style><title>Login</title>
</head>
<body>
<center>
Please enter your username and password.<br>
<table border="0" cellspacing="5" cellpadding="5">
<form action="" method="POST">
<tr>
<td>Username</td>
<td><input type="text" size="20" name="f_user"></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" size="20" name="f_pass"></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" name="submit" value="Log In"><br><br>
Or, if you just logged out, click <a href=../index.php>here</a> to go to the home page
</td>
</tr>
</form>
</table>
</center>
</body>
</html>
HTML;
exit();
}
?>

 

Basically, the whole top bit is the session, and the HTML at the end is what to display if the viewer isn't logged in. On all password-protected pages, I have <?php include('auth.inc.php'); ?>. How do I mod this so the session ends when the user leaves the site, not when they log out? (preferably, when they log out OR leave the site).

[jaymc]

in  php.ini you set the time out for a session to 0 I believe, that will kill the session when they close the browser

 

You can do this using ini_set() in a php document if your on a shared server

 

The HTML and CSS is irrelivent, will just confuse us