[SOLVED] Sessions login, please help.

[onthespot]

Hello. I am currently creating a login system which uses sessions. It all works, the register, login, etc. However, i can login, and be on the account page, but if i were then to retype the login address, it will let me log in again, therefore the login isn't remaining.

 

The login form is basic, and just sends the information to the sessions.php file on the server. I have provided the sessions file below. This file is included on every page on the site.

 

Can someone give me some advice, i have tried several things and just cant seem to get it right. Would be appreciated

 

login php

 

session_start();

 

$username = mysql_real_escape_string($_POST['username']);

 

if ($_POST['Submit']=='Login')

{

$md5pass = md5($_POST['pwd']);

$sql = "SELECT id,username FROM users

        WHERE username = '$username'

AND password = '$md5pass'

AND user_activated='1'";

 

$result = mysql_query($sql) or die (mysql_error());

$num = mysql_num_rows($result);

 

    if ( $num != 0 ) {

 

        // A matching row was found - the user is authenticated.

      session_start();

  list($userid,$username) = mysql_fetch_row($result);

// this sets variables in the session

$_SESSION['user']= $username; 

 

 

 

if (isset($_GET['ret']) && !empty($_GET['ret']))

{

header("Location: $_GET[ret]");

} else

{

header("Location: myaccount.php");

}

//echo "Logged in...";

exit();

    }

 

header("Location: login.php?msg=Invalid Login");

//echo "Error:";

exit();

}

 

The database is connected fine aswell, havent missed that, it all works, just need help with this particular aspect. Thanks

[gevans]

You're not checking if the user is already logged in. When you get to login.php check if the user is logged in, if they are, redirect.

[onthespot]

What function do i use to check that? Im struggling on this more than I should be. Cheers dude

[GingerRobot]

You need to check if $_SESSION['user'] has been set -- use isset

[gevans]

<?php
if(isset($_SESSION['user'])) header('Location: index.php');

 

Add the above code after your start_session() code.

[onthespot]

Ok ill give that a go, i tried to make a second session variable called "logged_in" but that didnt work, of course this is the way, these little things always make you learn for the future. Thankyou

[onthespot]

Just attempted that, and as soon as I go to login.php, as im already logged in, it trys to redirect me to where i should be, however, it then says im stuck in a loop.

 

I just considered this, and thought that if that code you gave me was applied to all pages, in a include sessions file, would that cause the redirected page to load over and over and over, because im already logged in.

 

This must only be applied to pages that the user would not see if logged in?

[gevans]

Yes, you only apply this to the login page (or other restricted pages).

 

By adding it to index.php your code is checking if you're logged in. If you are it redirects you to the index page, checkes if you're logged in and redirects to the index page etc....

[onthespot]

Thankyou this is now solved cheers fella