Stop logged in user seeing the log in page?

Question

I'm very new to php and mysql. I have found a great tutorial to create a registration and log in section on a site. I'm managing to deconstruct it pretty well and make minor changes. However...

If a user logs in I am able to allow accesss to pages using -

<?php
session_start();

if(!isset($_SESSION['username'])){
header("Location: index.php");
}
?>

If a user is logged in and they revisit the 'log in' page again I don't want them to be able to see it but it redirect them to a page within the 'members area'. How can i do this?

Answer 1

Well if you want to load the same page in the URL, for example, http://domain.com/ , but you want it to be different for logged in people vs logged out people. You could do this.

session_start();

if(!isset($_SESSION['username'])) {
    require_once("pathToLoggedOutFile.php");
} else {
    require_once("PathToLoggedInFile.php");
}
die;

Now, the same can be done if you want to redirect them to another page when they are logged in, you could do this by using headers, for example.

session_start();

if(isset($_SESSION['username'])) {
    header("Location: /pathtologgedinpage.php");
    die;
}

Answer 2

It appears that what you have above is roughly what you want. It presumes that your login script writes a session value for username. If you're unsure, or want to check, and since you say you're new, it might be helpful for you to take a look at what session variables are set. Just put this right below your session_start() line:

echo '<pre>';
print_r($_SESSION);
exit;

Make sure you only use this for dev and comment it out when you're done with it.

Answer 3

You want to set up two paths on your navigation menu like so:

<?php
if (isset($_SESSION['username']))
{
?>
<a href="loggedinpage.php">PageName</a>
<?php
}
elseif (!isset($_SESSION['username']))
{
?>
 <a href="login.php">Login</a>
 <a href="bla.php">Page</a>
<?php
}
?>

So depending whether the $_SESSION[] is set or not.. Different anchors will be displayed.

Responding to comment

Try creating an array with the restricted files.. Example:

if (isset($_SESSION))
{
   $Restrictions = array ("login.php", "index.php", "register.php");
  if (in_array($_SERVER['REQUEST_URI'], $Restrictions ))
  {
    die ("You Must Login To View These Pages!"); //I use die and an include in my scripts, but this will be called when the user is navigating to a page such as login.php when they already have an active session
  } 
}

What the above will do, will utilize the $_SERVER Array for the requested URL, if the users session is active and the user tries to navigate to said filed in the array, they will be presented with a die message. Ofcourse this can be changed to suit your needs.. and you can also do something similar using the same chunk, by restricting the users who are not logged in; from viewing the pages which you are required to be logged in.

For the re-direct

on your index.php, you could have something like this:

if (isset($_SESSION))
{
 header("Location: member_area.php");
 exit; // exit to stop the rest of your page (index.php for example) from processing.
}

This will re-direct the user to a page, if they have an active session.

---

Looking at your question; you want the user to be re-directed to a member_area if $_SESSION is active.. Then use the last chunk under the name of "For the re-direct

Answer 4

//Your Logout.php script should look something like this.
$session_variable = $_SESSION['variable'];
session_unset($session_variable);
session_destroy();
header('Location: blah.php');

//Your session check script should look something like this. 
$session_variable = $_SESSION['variable'];
if(!isset($session_variable)) {
session_unset();
session_destroy();
header('Location: blah.php');
}

Answer 5

You can not use header("Location: http://www.site.com") if there is something written before that. PHP header function has to be like this

<?php header("Location: http://www.site.com") ?>