stackoom
  简体   繁体   中英

Redirect a logged in user from login page to user dashboard with php

 原文  2015-04-15 01:49:41       javascript/ php/ mysql/ function/ redirect

Question

I need your help to manage a php page with redirection function.

I want my logged in users to redirect to user dashboard instead of displaying login page by typing address in Browser's address Bar. How to prevent users to display login page

Login page codes are given below 

<?php 

include 'dbc.php';

$err = array();

foreach($_GET as $key => $value) {
    $get[$key] = filter($value); //get variables are filtered.
}

if ($_POST['doLogin']=='Login')
{

foreach($_POST as $key => $value) {
    $data[$key] = filter($value); // post variables are filtered
}


$user_email = $data['user_email'];
$pass = $data['pwd'];


if (strpos($user_email,'@') === false) {
    $user_cond = "user_name='$user_email'";
} else {
      $user_cond = "user_email='$user_email'";

}


$result = mysql_query("SELECT `id`,`pwd`,`full_name`,`approved`,`user_level` FROM users WHERE 
           $user_cond
            AND `banned` = '0'
            ") or die (mysql_error()); 
$num = mysql_num_rows($result);

  // Match row found with more than 1 results  - the user is authenticated. 
    if ( $num > 0 ) { 

    list($id,$pwd,$full_name,$approved,$user_level) = mysql_fetch_row($result);

    if(!$approved) {
    //$msg = urlencode("Account not activated. Please check your email for activation code");
    $err[] = "Account not activated. Please check your email for activation code";

    //header("Location: login.php?msg=$msg");
     //exit();
     }

        //check against salt
    if ($pwd === PwdHash($pass,substr($pwd,0,9))) { 
    if(empty($err)){            

     // this sets session and logs user in  
       session_start();
       session_regenerate_id (true); //prevent against session fixation attacks.

       // this sets variables in the session 
        $_SESSION['user_id']= $id;  
        $_SESSION['user_name'] = $full_name;
        $_SESSION['user_level'] = $user_level;
        $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);

        //update the timestamp and key for cookie
        $stamp = time();
        $ckey = GenKey();
        mysql_query("update users set `ctime`='$stamp', `ckey` = '$ckey' where id='$id'") or die(mysql_error());

        //set a cookie 

       if(isset($_POST['remember'])){
                  setcookie("user_id", $_SESSION['user_id'], time()+60*60*24*COOKIE_TIME_OUT, "/");
                  setcookie("user_key", sha1($ckey), time()+60*60*24*COOKIE_TIME_OUT, "/");
                  setcookie("user_name",$_SESSION['user_name'], time()+60*60*24*COOKIE_TIME_OUT, "/");
                   }
          header("Location: dashboard.php");
         }
        }
        else
        {
        //$msg = urlencode("Invalid Login. Please try again with correct user email and password. ");
        $err[] = "Invalid Login. Please try again with correct user email and password.";
        //header("Location: login.php?msg=$msg");
        }
    } else {
        $err[] = "Error - Invalid login. No such user exists";
      }     
}



?>

2 answers

solution1
 0  2015-04-15 02:50:49

You already have a session with the user data, so, it's simple, save the status in the same session and make a verification on the top of your script. Like this

Put this in your code 

    // this sets variables in the session 
    $_SESSION['user_id']= $id;  
    $_SESSION['user_name'] = $full_name;
    $_SESSION['user_level'] = $user_level;
    $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
    $_SESSION['status_logged'] = true; //new line

And put a verification on the top: 

    if (isset ($_SESSION['status_logged']) && $_SESSION['status_logged'] == true) {
        header('Location: yourDashboardPage.php');
    }
    else {
        $_SESSION['status_logged'] = false;
    }

solution2
 0  2015-04-15 04:53:40

I put your codes like this but got no effect. So please elaborate well and give example how to do it exactly. 

<?php 

include 'dbc.php';

if (isset ($_SESSION['status_logged']) && $_SESSION['status_logged'] = true) {
        header('Location: dashboards.php');
    }
    else {
        $_SESSION['status_logged'] = false;
    }

$err = array();

foreach($_GET as $key => $value) {
    $get[$key] = filter($value); //get variables are filtered.
}

if ($_POST['doLogin']=='Login')
{

foreach($_POST as $key => $value) {
    $data[$key] = filter($value); // post variables are filtered
}


$user_email = $data['user_email'];
$pass = $data['pwd'];


if (strpos($user_email,'@') === false) {
    $user_cond = "user_name='$user_email'";
} else {
      $user_cond = "user_email='$user_email'";

}


$result = mysql_query("SELECT `id`,`pwd`,`full_name`,`approved`,`user_level` FROM users WHERE 
           $user_cond
            AND `banned` = '0'
            ") or die (mysql_error()); 
$num = mysql_num_rows($result);

  // Match row found with more than 1 results  - the user is authenticated. 
    if ( $num > 0 ) { 

    list($id,$pwd,$full_name,$approved,$user_level) = mysql_fetch_row($result);

    if(!$approved) {
    //$msg = urlencode("Account not activated. Please check your email for activation code");
    $err[] = "Account not activated. Please check your email for activation code";

    //header("Location: login.php?msg=$msg");
     //exit();
     }

        //check against salt
    if ($pwd === PwdHash($pass,substr($pwd,0,9))) { 
    if(empty($err)){            

     // this sets session and logs user in  
       session_start();
       session_regenerate_id (true); //prevent against session fixation attacks.

        // this sets variables in the session 
    $_SESSION['user_id']= $id;  
    $_SESSION['user_name'] = $full_name;
    $_SESSION['user_level'] = $user_level;
    $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
    $_SESSION['status_logged'] = true; //new line

        //update the timestamp and key for cookie
        $stamp = time();
        $ckey = GenKey();
        mysql_query("update users set `ctime`='$stamp', `ckey` = '$ckey' where id='$id'") or die(mysql_error());

        //set a cookie 

       if(isset($_POST['remember'])){
                  setcookie("user_id", $_SESSION['user_id'], time()+60*60*24*COOKIE_TIME_OUT, "/");
                  setcookie("user_key", sha1($ckey), time()+60*60*24*COOKIE_TIME_OUT, "/");
                  setcookie("user_name",$_SESSION['user_name'], time()+60*60*24*COOKIE_TIME_OUT, "/");
                   }
          header("Location: dashboard.php");
         }
        }
        else
        {
        //$msg = urlencode("Invalid Login. Please try again with correct user email and password. ");
        $err[] = "Invalid Login. Please try again with correct user email and password.";
        //header("Location: login.php?msg=$msg");
        }
    } else {
        $err[] = "Error - Invalid login. No such user exists";
      }     
}



?>

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Redirect user to login page from JQuery autocomplete if not logged in Redirect user from the dashboard page to login page when user click on logout button How to redirect to dashboard if user is logged in with AngularJS? Redirect to a login page if the user is not yet logged in Angular JS How to redirect to /dashboard public routes /login and /register if user is logged in and in all other cases show public routes? redirect user to login page Node.js redirect to login if user is not logged in How to prevent user from seeing login page after logged in? how to redirect user to login page with Opencart - check if user is logged in and redirect to accounts page
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM