User Login Problem

[hhisc383]

Hey everyone. I have a problem with User Login...

I have a script that, once someone logs in, it redirects them to a page specific to them. The only problem is, if they bookmark that page, they can go right back to it without logging in. I need a script that will do the following:

If anyone tries to go to the page that they are suppost to be redirected to without logging in, I need it to send them automatically back to the login page so they can log in.

Any ideas? Thanks

[trochia]

use cookies, sounds like you are not expiring after the logged session ends

[Jessica]

check if they are logged in on the page, and if not, send back. It depends on how you're doing your "login"

[hhisc383]

the login isn't secure. if anyone types in the redirect address, they can view the page. i need something that will kick them out if they try to go without logging in. Here is a script I got that I coudln't get to work...but it might just be because i'm new to PHP:

php:

session_start();
if (login is valid)
{
  $_SESSION['loggedin'] = true;
}


then on the page you are trying to protect, at the top of the page


php:

session_start();
if (!isset($_SESSION['loggedin']))
{
  header('Location: http://domain.com/login/');
  exit();
}

[Jessica]

What doesn't work? Errors, what? The fact that if (login is valid) isn't actually code? We can't help you unless you describe an actual problem, not just a vague problem.

[hhisc383]

ok the first code comes up with this error:

Parse error: parse error, unexpected ')' in /home/content/l/a/s/lastdetailwd/html/login/login.php on line 3


I don't know what's wrong with it...

[hhisc383]

i'm new to php...sorry.

does something else have to be changed in this line:

if (login is valid)

should (login is valid) be something else?

[Jessica]

Does that look like code? I mean, you can write code which looks pretty similar to english, but that contains no variables, functions, or operators. It's just English.

[hhisc383]

yes i know. it's the script that was given to me. i'm not sure what to change it to. do you have any idea what it should be so it will work?

[Jessica]

No, I didn't write your login form either.
How does the system check if a username and password are right? That's what you need to check I guess.

[hhisc383]

this is how it checks the login information:


session_start();

//check to see if the user already has an open session
if (($_SESSION[user_name] != "") && ($_SESSION[password] != ""))
{
header("Location:$_SESSION[redirect]");
exit;
}

//check to see if cookies have been set previously
if(($lr_user != "") && ($lr_pass != ""))
{
header("Location:redirect.php");
exit;
}

//if neither is true, redirect to login
header("Location:login.php");

[trochia]

are variables set?

http://us3.php.net/manual/en/function.session-start.php

[Jessica]

How do the cookies and session ever start though?


This is a bit insane. I hope someone with a longer temper comes to help you. Good luck.