Hi,
This is my first post as I am fairly new to PHP. I have gotten to part 5 of the tutorial and I am having problems. I don't receive any error messages, but the Sentry.php script is not doing its job: I can still go directly to the admin pages without entering the login details again. I thought sessions were destroyed after the browser was closed, so I tried using session_unset and session_destroy to clear them, but these have not changed the situation. See the code for sentry.php and login.php below. I should mention also that the login page works; it's just not redirected to this page if I try to access the newarticle page directly. Any help will be appreciated. Thanks in advance!
Ben
Login.php
PHP Code:
<?php
require_once("../includes/Sentry.php");
$sentry = new Sentry();

// Only attempt a login when the form was actually submitted; isset() avoids an
// undefined-index notice on a plain GET of this page
if (isset($_POST['user'], $_POST['pass']) && $_POST['user'] != ''){
    $sentry->checkLogin($_POST['user'], $_POST['pass'], 4, 'welcome.php', 'failed.php');
}

// Logout link: login.php?action=logout
if (isset($_GET['action']) && $_GET['action'] == 'logout'){
    if ($sentry->logout()){
        echo '<center>You have been logged out</center><br>';
    }
}
?>
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<table width="25%" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#000066">
<tr>
<td align="center" bgcolor="#000066"><font color="#FFFFFF" size="2" face="Verdana, Arial, Helvetica, sans-serif"><strong>Login</strong></font></td>
</tr>
<tr>
<td bordercolor="#FFFFFF"><form name="form1" method="post" action="login.php">
<p><font size="2" face="Verdana, Arial, Helvetica, sans-serif"><br>
User:
<input type="text" name="user">
</font></p>
<p><font size="2" face="Verdana, Arial, Helvetica, sans-serif"> Pass:
<input type="password" name="pass">
</font></p>
<p align="center"><font size="2" face="Verdana, Arial, Helvetica, sans-serif">
<input type="submit" name="Submit2" value="Submit">
</font></p>
</form>
<div align="right"><font size="2" face="Verdana, Arial, Helvetica, sans-serif"><a href="login.php?action=logout">Logout</a> </font></div>
</td>
</tr>
</table>
</body>
</html>
Sentry.php
PHP Code:
<?php
////////////////////////////////////////////////////////////////////////////////////////
// Class: sentry
// Purpose: Control access to pages
///////////////////////////////////////////////////////////////////////////////////////
class sentry {
    public $loggedin = false; // Boolean to store whether the user is logged in
    public $userdata;         // Array to contain user's data

    // Constructor: start (or resume) the session before any output is sent.
    // __construct replaces the old PHP 4 style constructor named after the class.
    public function __construct(){
        session_start();
        header("Cache-control: private");
    }

    //======================================================================================
    // Log out, destroy session
    public function logout(){
        unset($this->userdata);
        // session_destroy() removes the stored session data but leaves $_SESSION
        // populated for the rest of the current request, so clear it explicitly too
        $_SESSION = array();
        session_destroy();
        return true;
    }

    //======================================================================================
    // Log in, and either redirect to goodRedirect or badRedirect depending on success.
    // Called with empty $user/$pass it only re-checks an existing session.
    public function checkLogin($user = '', $pass = '', $group = 10, $goodRedirect = '', $badRedirect = ''){
        // Include database and validation classes, and create objects
        require_once('DbConnector.php');
        require_once('Validator.php');
        $validate = new Validator();
        $loginConnector = new DbConnector();

        // If user is already logged in then check credentials
        if (!empty($_SESSION['user']) && !empty($_SESSION['pass'])){
            // Validate session data. The queries below interpolate these values
            // directly into SQL, so they rely on validateTextOnly() rejecting
            // anything but plain text; do not weaken that validator.
            if (!$validate->validateTextOnly($_SESSION['user'])){return false;}
            if (!$validate->validateTextOnly($_SESSION['pass'])){return false;}
            // $_SESSION['pass'] holds the MD5 hash stored in the table, not the plain password
            $getUser = $loginConnector->query("SELECT * FROM cmsusers WHERE user = '".$_SESSION['user']."' AND pass = '".$_SESSION['pass']."' AND thegroup <= ".$group.' AND enabled = 1');
            if ($loginConnector->getNumRows($getUser) > 0){
                // Existing user ok, continue
                if ($goodRedirect != '') {
                    // Note: this appends the session id to the URL, where it can leak via logs and referrers
                    header("Location: ".$goodRedirect."?".strip_tags(session_id()));
                    exit; // header() does not stop the script; without exit the caller keeps rendering
                }
                return true;
            }else{
                // Existing user not ok, logout
                $this->logout();
                return false;
            }
        // User isn't logged in, check credentials
        }else{
            // Validate input. A failed validation returns false WITHOUT redirecting,
            // so a page that calls checkLogin() with no credentials must act on the
            // return value itself.
            if (!$validate->validateTextOnly($user)){return false;}
            if (!$validate->validateTextOnly($pass)){return false;}
            // Look up user in DB (password compared as an unsalted MD5 hash, as in the tutorial)
            $getUser = $loginConnector->query("SELECT * FROM cmsusers WHERE user = '$user' AND pass = MD5('$pass') AND thegroup <= $group AND enabled = 1");
            $this->userdata = $loginConnector->fetchArray($getUser);
            if ($loginConnector->getNumRows($getUser) > 0){
                // Login OK, store session details
                $this->loggedin = true;
                $_SESSION["user"] = $user;
                $_SESSION["pass"] = $this->userdata['pass'];
                $_SESSION["thegroup"] = $this->userdata['thegroup'];
                if ($goodRedirect) {
                    header("Location: ".$goodRedirect."?".strip_tags(session_id()));
                    exit;
                }
                return true;
            }else{
                // Login BAD
                unset($this->userdata);
                if ($badRedirect) {
                    header("Location: ".$badRedirect);
                    exit;
                }
                return false;
            }
        }
    }
}
?>
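Creating a Sentry object only starts the session; nothing in the class stops a page from rendering on its own. Each protected page has to call checkLogin() and act on what it returns, because checkLogin() returns false without redirecting whenever the empty credentials fail validation, and a header("Location: ...") call does not halt the script unless it is followed by exit. The gate below is an added example written for this post, not code from the original post or from the tutorial it follows. It assumes the protected page (for instance newarticle.php) sits next to login.php, that Sentry.php lives in ../includes/ as in the posted login.php, and that the admin pages require group level 4; the function name requireLogin is hypothetical.

```php
<?php
// Added example: the top of a protected admin page such as newarticle.php.
// Assumes Sentry.php from the post is in ../includes/ and that admin access
// is group level 4 (the same value login.php passes to checkLogin()).
require_once("../includes/Sentry.php");

// Hypothetical helper name; returns the Sentry object on success and never
// returns when the visitor is not logged in.
function requireLogin($groupLevel, $loginPage)
{
    $sentry = new Sentry();   // constructor calls session_start() before any output

    // No credentials are passed. With a valid session checkLogin() re-checks the
    // stored user and password hash against the database and returns true; with
    // no session, or an invalid one, it returns false. No redirect targets are
    // given, so the decision is made here from the return value alone.
    $ok = $sentry->checkLogin('', '', $groupLevel, '', '');

    if (!$ok) {
        // Send the visitor to the login form and STOP. Without exit the rest of
        // this page would still be sent to the browser after the Location header.
        header('Location: ' . $loginPage);
        exit;
    }
    return $sentry;
}

$sentry = requireLogin(4, 'login.php');

// Everything below this line is only reached by a logged-in user of group <= 4.
?>
<html>
<head><title>New article</title></head>
<body>
<p>Logged in as <?php echo htmlspecialchars($_SESSION['user']); ?>.</p>
<!-- article form goes here -->
</body>
</html>
```

To check that the gate works, open the protected page in a fresh browser session (or after visiting login.php?action=logout) and confirm you land on login.php; then log in and confirm the same URL renders. The htmlspecialchars() call when echoing the username is good practice even though validateTextOnly() should already have rejected markup.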