0

I am trying to make a website with a login form in php. The login documents that I have are:

login.html - is the login form
loginproc.php - is where the data from the form is compared to my database and if a username and password exist in my database, it will take user to admin.php
admin.php - is the admin section.

What I want to do is if the user puts in the URL index.php?page=loginproc, I want the user to be redirected to index.php?page=login. I have tried to do this with the code below. 

else if ($_GET['page'] == 'loginproc' && !isset($_SESSION['username']))  {
        header("Location:index.php?page=login");
        }

My login form index.php?page=login should be able to go to index.php?page=loginproc but I want index.php?page=loginproc to be accessed when the user logs in not any time else.

Maytham Fahmi
  • 31,138
  • 14
  • 118
  • 137
mre12345
  • 1,087
  • 4
  • 16
  • 23
  • Use sessions (better choice) or cookies to store user logged credentials after user is loged. Then you can check if they are set. Here is one example: http://www.phpeasystep.com/phptu/6.html – bksi Aug 05 '15 at 00:26
  • And also there is similar question in SO: http://stackoverflow.com/questions/19531044/creating-a-very-simple-1-username-password-login-in-php – bksi Aug 05 '15 at 00:29
  • What is the problem? – Jafar Akhondali Aug 05 '15 at 00:29

2 Answers2

0

Maybe you can use something like this:

if (stripos($_SERVER['HTTP_REFERER'], "index.php") === false) {
   exit;
}
Prib
  • 88
  • 2
  • 4
0

You need to set in header or the area which is called on every page

$page = $_SERVER['HTTP_REFERER'];
$user = $_SESSION['session_token'];
$userRole = $_SESSION['session_token_role'];

if($userRole != 'adminId'
&& $page != 'policy.php'){
    continue;
}
Naveed Ramzan
  • 3,565
  • 3
  • 25
  • 30