[SOLVED] If user is logged in go to member-index.php

[daveoffy]

I am having this one issue that I can't figure out how to fix. I have an index.php file with the login form. After you login it goes to the member-index.php page and you can change settings and view profile info. If you go to a diffrent page on the site like the main home page (doesn't have login) and go back to account you have to re-log in, but you are already logged in, you just need to do that so you can go to the member-index.php page. Is there a way to make it so if the user is logged in, when the go to the account index it takes them to the member-index.php page?

[premiso]

Are you using cookies?

 

The trick is to set a cookie with the username and perhaps either an md5 hashed password (there are more secure ways but to do the point md5 should be fine).

 

Make sure the password in the DB is stored as an MD5 hash then you just verify the cookies each time a page is loaded where you want authentication. You always have to check those values and doing it that way the user does not have to re-login until they clear their cookies or close the browser.

 

Hope that helps, so basically when the user first logs in store the username/md5 version of the password in 2 seperate cookies and then use them to verify the user's information by pulling their account information out of the database.

 

<?php
// assumes a database connection

// check if cookies are present
if (isset($_COOKIE['username']) && isset($_COOKIE['password'])) {
    $sql = "select username, password from table_users where username = '" . $_COOKIE['username'] . "' LIMIT 1";
    $return = mysql_fetch_assoc(mysql_query($sql));
    if ($return['password'] != $_COOKIE['password']) 
           die('Invalid user information');
}else {
    // send to login form they are not logged in
}

?>

 

You would use the setcookie() to set the cookies.

 

Hope that helps.

[trq]

Without seeing your code I can only post a simple example.

 

index.php

<?php

  session_start();
  if (isset($_SESSION['logged'])) {
    header("Location: http://yoursite.com/member-index.php");
  }

?>

[.josh]

Basically the idea of being "logged in" is for a user to identify himself through stored information in a database or flatfile (usually a name/pw or email/pw combo).  You would have an "entry point" somewhere (the login form).  This entry point will allow the user to identify himself.  You seem to have that already, so that part is done.  Next step is to use a system of data persistence to keep that user tagged as "authorized" or "logged in".  Common way to do this is with sessions.  So, when the user identifies himself through your login, you will want to create a session variable that can be passed form page to page.  It could be a unique number or the user's account id or simply a boolean var.  So, on every page that you want the user to be "logged in" to, you need to tell php that you are using a session, by having session_start() at the top, and then checking if that session variable exists.  If it does, the user is logged in, display the page, do whatever.  If it doesn't, then redirect back to the login page or wherever.  That's basically what thorpe has as an example in his post: something like that needs to be on every page you want the user to be "logged in" to.

[daveoffy]

I took the info from all of yours and it worked. Thanks so much guys.