PHP check if user are logged in

Question

Hi guys can someone helps me out. I have created this login system below and i need to check if the user is logged in before access the admin area "cpanel.php".

authorize.php

<?php

try {
    $dbh = new PDO("mysql:host=localhost;dbname=vbl", "root", "");
        } catch (PDOException $e) {
            echo $e->getMessage();
            exit();
        }

$query = "SELECT * FROM `users` WHERE LOWER(`username`) = :username";
$stmt = $dbh->prepare($query);
$stmt->bindValue(':username', strtolower($_POST['username']));
$stmt->execute();
if ($stmt->rowCount() == 1) {
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    require('blowfish.class.php');
    $bcrypt = new Bcrypt(4);
    if ($bcrypt->verify($_POST['password'], $row['password'])) {
        header("location: cpanel.php");

        } else { 
            header("location: login.php");
    }

}

?>

BTW is it a okay way to make a login?

Answer 1

Follow these steps

Sept 1 : Set session about your login user details

session_start();
$_SESSION['user_name']=$username;
$_SESSION['user_role']=$role;

Step 2 : Access the session in any page

session_start();
if(isset($_SESSION['user_name']))
{
   //user logged in
   //do whatever you want
}
else
{
   //user did not logged in
}

Step 3: Destroy your user session at log out page

session_start();
session_destroy();

Once you create session in the login page you can use the session at any page in your application.