So first of all, there :
header("location: ../Pages/Admin_panel.html");
?>
<script>
alert("Unable to Sign In!");
</script>
<?php
Everything following the header()
relocation won't get executed.
Instead you can use :
else
{
?>
<script>
alert("Unable to Sign In!");
window.location.replace('/Pages/Admin_panel.html')
</script>
<?php die();
}
Then in your other pages which require rights, add the following code :
<?php
if($_SESSION['user_rights'] != 'admin'){ //whatever rights he would need to access this page
session_destroy();
header("location: ../Pages/login.html"); //your login page.
}
?>