-1

I want to learn something, that I couldn't find on the internet. I create a simple website, more like a simple web app, we the following structure.

index.php --> handles log In or Register
home.php --> main state of website.

So basically I want when a user log in, the website will direct him to home.php. I did it already. But I get a really annoying bug. If I redirect bruteforce in www.someexample.com/home.php, the user can bypass the main log in screen. O.o
So I thought that if I can use a session checker to see if the user is log in or just a brute forcer -sorry about the bad term- the website will redirect him to log in screen. And if the user don't want every time to log in he can check a Remember me button to remember the session. So in the end I want to have two methods. one to check if a user is log in or not and the other to save his session even after if he close the computer until he poush the log out button.

I have checked many articles on the web but I couldn't find how to start in my own project. Can you guys help me start of with a basic structure. i use MySql.

chris85
  • 23,846
  • 7
  • 34
  • 51
GeorgeG
  • 31
  • 4
  • this is just basic login stuff. And you haven't even added any code of what you alread tried. We are not here to do your homework. Come with some code that doesn't work (not all of it) just parts. – SuperDJ Sep 04 '15 at 12:34

1 Answers1

0

It sounds that this is an asked/answer. You need a redirect. Have them login at the index.php page and post back to it. Have it check the login for it to be correct and if it is then redirect to home.php with a posted hashkey to check against so that you know that the login was valid. You can skip the cookies altogether which some browsers have turned off regardless.

See here for how to redirect.

Community
  • 1
  • 1
Rabbit Guy
  • 1,840
  • 3
  • 18
  • 28