[SOLVED] How would I not allow access to member.php

[Irresistable]

I have a "Keep me logged in" feature.

Member.php checks cookies to see if the "keep my logged in" cookie is there.

if true, it registers a $_SESSION['s_logged_n']

If that cookie isn't there, it checks if $_SESSION['s_logged_n'] is activate. Then displays the page.

Else direct to login.php

 

This doesn't allow access to those who are not logged in. When a user logs in on the login form, it gets directed to "member.php?$username"

Although, if you manually type the URL "...member.php" It does direct you to YOUR members page.

 

How do I get it so it either checks something like

 if (URL == member.php){ header("location: member.php?$username"); } 

 

Or something like.

 if (URL == member.php){ echo 'This is not your Control Panel, you do not have access to this page.'; } 

 

If the above wasn't clear to you, I want users to only be able to access there own control panel using the required URL member.php?$username, instead of member.php.

[.josh]

you are redirecting it to the same page...so there's no need to redirect it...just change your condition to automatically grab it in the first place, if not from the url, then from the session variable (or kick them to the login if neither exist)

[Irresistable]

Yes, but what I'm saying is.. how do I prevent users from accessing the URL as member.php

I don't think I quite understood what you were trying to say.

[.josh]

okay it looks like your goal is that you WANT users to access it when they are logged in, you already have stuff in place to only let them access it if they are, but you only want them to access it if $username is in the url.  Well if they are already logged in, and you are just redirecting to the same page except putting their already established username in the url...that means you must already have that info in the session somewhere, so there's really no point in redirecting like that.