onthespot Posted July 3, 2009 Share Posted July 3, 2009 Hello. I am currently creating a login system which uses sessions. It all works, the register, login, etc. However, i can login, and be on the account page, but if i were then to retype the login address, it will let me log in again, therefore the login isn't remaining. The login form is basic, and just sends the information to the sessions.php file on the server. I have provided the sessions file below. This file is included on every page on the site. Can someone give me some advice, i have tried several things and just cant seem to get it right. Would be appreciated login php session_start(); $username = mysql_real_escape_string($_POST['username']); if ($_POST['Submit']=='Login') { $md5pass = md5($_POST['pwd']); $sql = "SELECT id,username FROM users WHERE username = '$username' AND password = '$md5pass' AND user_activated='1'"; $result = mysql_query($sql) or die (mysql_error()); $num = mysql_num_rows($result); if ( $num != 0 ) { // A matching row was found - the user is authenticated. session_start(); list($userid,$username) = mysql_fetch_row($result); // this sets variables in the session $_SESSION['user']= $username; if (isset($_GET['ret']) && !empty($_GET['ret'])) { header("Location: $_GET[ret]"); } else { header("Location: myaccount.php"); } //echo "Logged in..."; exit(); } header("Location: login.php?msg=Invalid Login"); //echo "Error:"; exit(); } The database is connected fine aswell, havent missed that, it all works, just need help with this particular aspect. Thanks Quote Link to comment Share on other sites More sharing options...
gevans Posted July 3, 2009 Share Posted July 3, 2009 You're not checking if the user is already logged in. When you get to login.php check if the user is logged in, if they are, redirect. Quote Link to comment Share on other sites More sharing options...
onthespot Posted July 3, 2009 Author Share Posted July 3, 2009 What function do i use to check that? Im struggling on this more than I should be. Cheers dude Quote Link to comment Share on other sites More sharing options...
GingerRobot Posted July 3, 2009 Share Posted July 3, 2009 You need to check if $_SESSION['user'] has been set -- use isset Quote Link to comment Share on other sites More sharing options...
gevans Posted July 3, 2009 Share Posted July 3, 2009 <?php if(isset($_SESSION['user'])) header('Location: index.php'); Add the above code after your start_session() code. Quote Link to comment Share on other sites More sharing options...
onthespot Posted July 3, 2009 Author Share Posted July 3, 2009 Ok ill give that a go, i tried to make a second session variable called "logged_in" but that didnt work, of course this is the way, these little things always make you learn for the future. Thankyou Quote Link to comment Share on other sites More sharing options...
onthespot Posted July 3, 2009 Author Share Posted July 3, 2009 Just attempted that, and as soon as I go to login.php, as im already logged in, it trys to redirect me to where i should be, however, it then says im stuck in a loop. I just considered this, and thought that if that code you gave me was applied to all pages, in a include sessions file, would that cause the redirected page to load over and over and over, because im already logged in. This must only be applied to pages that the user would not see if logged in? Quote Link to comment Share on other sites More sharing options...
gevans Posted July 3, 2009 Share Posted July 3, 2009 Yes, you only apply this to the login page (or other restricted pages). By adding it to index.php your code is checking if you're logged in. If you are it redirects you to the index page, checkes if you're logged in and redirects to the index page etc.... Quote Link to comment Share on other sites More sharing options...
onthespot Posted July 3, 2009 Author Share Posted July 3, 2009 Thankyou this is now solved cheers fella Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.