ncurran217 Posted January 4, 2013 Share Posted January 4, 2013 So I am new on using the SESSION variables in PHP. I have created a simple login screen. Not trying to be to secure with it, just wanted it to be a simple login so a certain field was filled in and the user cannot change the Rep field. Anyways, I have put this at the top of the page where it goes to when they login in the username and password are correct: <?php session_start(); if(isset($_SESSION['forteid'])) { header("location: index.php"); } else { header("location: login.php"); } ?> When I log in the page comes up with: This webpage has a redirect loop. The webpage at http://cslogs:8081/test/index.php has resulted in too many redirects. I am new with this so not sure how to fix this one or haven't found a way to attempt to fix it. Basically I want it to where they can't just type in http://cslogs:8081/test/index.php in the address bar and get to the screen without logging in, which the login page is just login.php. Thanks in advance. Quote Link to comment Share on other sites More sharing options...
Jessica Posted January 4, 2013 Share Posted January 4, 2013 You'll have to check if you're at login.php before executing that code. Quote Link to comment Share on other sites More sharing options...
ncurran217 Posted January 4, 2013 Author Share Posted January 4, 2013 (edited) Ok, makes sense, would you be able to point me in the direction on how I would do that? Or a bit of the code that I can research?! Edited January 4, 2013 by ncurran217 Quote Link to comment Share on other sites More sharing options...
ncurran217 Posted January 4, 2013 Author Share Posted January 4, 2013 Well I found out what I was doing wrong. Thanks for the help anyways. <?php session_start(); if (!(isset($_SESSION['forteid']) && $_SESSION['forteid'] != '')) { header ("Location: login.php"); } ?> And it works! Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted January 4, 2013 Share Posted January 4, 2013 You need a exit; statement after your header() redirect to prevent the rest of the code on your 'protected' page from running while the browser is preforming the redirect. Without an exit; to stop the script, all anyone needs to do is ignore the redirect and they can access your 'protected' pages the same as if you didn't have a log in system at all. Quote Link to comment Share on other sites More sharing options...
bashy Posted January 5, 2013 Share Posted January 5, 2013 You do indeed need exit(); after a header() as said above. You should also do this; if(!isset($_SESSION)) session_start(); Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted January 5, 2013 Share Posted January 5, 2013 If you are conditionally starting your session, it means you might have already started it somewhere else in your code. That would indicate code that is out of control, requiring extra code to compensate for a messy design. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.