0

Here's my sample code for preventing a user from entering the page using a direct URL:

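    <?php
    ob_start();
    include("../include/userlogin.php");
    include('../include/database.php');
    // Start the session only if an include has not already started it.
    if(!isset($_SESSION)) 
    { 
        session_start(); 
    } 
    // Only admins may view this page; a missing usertype counts as not admin.
    if(!isset($_SESSION['usertype']) || $_SESSION['usertype'] != "admin"){
        $_SESSION['message'] = "You cannot access only admin is allowed!";
        header("location: login.php?success=1");
        exit; // stop here so the rest of the page is not sent along with the redirect
    }
    ob_end_flush();
    ?>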

How can I achieve this? After the user has successfully logged in, how can I prevent that user from going back to the login page by clicking the back button in Google Chrome?

Sammitch
  • 3
    In the login page, check if the user is logged in. If they are, redirect them to another page. – Wais Kamal May 07 '21 at 17:50
  • You can check if the session is not empty. Take a look here, hope you get the idea: https://stackoverflow.com/questions/1519818/how-do-check-if-a-php-session-is-empty – Ali.Ghodrat May 07 '21 at 17:53

2 Answers

2

You can have another session variable to be TRUE when login is successful and false if not successful. Then you can check if the variable is true on the login page and redirect the user to the required page.

Israel Nkum
1

The $_SESSION container can store when a user was logged in and will be unset when not.

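    <?php

    session_start();

    // Handle a submitted login form.
    if(isset($_POST["login"])){
        $user = "";
        $passwd = "";
        if(isset($_POST["user"]))
            $user = $_POST["user"];
        if(isset($_POST["passwd"]))
            $passwd = $_POST["passwd"];

        // Demo credentials, hard-coded for illustration only.
        if(stripslashes($user) === "user" &&
            stripslashes($passwd) === "passwd")
        {
            $_SESSION["user"] = "user";
        }
    }
    // Log out: clear the data for this request too, then destroy the session.
    if(isset($_GET["logout"])){
        $_SESSION = array();
        session_destroy();
    }

    // Logged-in users get the internal page, everyone else the login page.
    if(isset($_SESSION["user"]) && $_SESSION["user"] === "user")
        include "internalPage.php";
    else
        include "loginPage.php";
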
Aak
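
A login-page guard along the lines the comments and both answers describe, as an added example (not code from either answer): it redirects an already-authenticated session away from the login form and marks the page as non-cacheable, so the back button re-requests it instead of showing a stored copy. The `logged_in` session key, the `dashboard.php` target and the `check_credentials()` helper are assumptions.

```php
<?php
// login.php - added example; the session key, redirect target and
// check_credentials() are assumptions, not from the original post.
session_start();

// Ask the browser not to keep a copy of the login page, so that
// navigating back re-requests it and the guard below runs again.
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Pragma: no-cache');
header('Expires: 0');

// Hypothetical credential check against a stored password hash.
function check_credentials(string $user, string $passwd): bool
{
    // Constructed demo account; a real application reads the hash from its database.
    $stored = ['admin' => password_hash('demo-password', PASSWORD_DEFAULT)];
    return isset($stored[$user]) && password_verify($passwd, $stored[$user]);
}

function redirect(string $target): void
{
    header('Location: ' . $target);
    exit; // never fall through to the rest of the page
}

// Guard: an authenticated session is sent away from the login form.
if (!empty($_SESSION['logged_in'])) {
    redirect('dashboard.php');
}

$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $user   = $_POST['user']   ?? '';
    $passwd = $_POST['passwd'] ?? '';
    if (is_string($user) && is_string($passwd) && check_credentials($user, $passwd)) {
        session_regenerate_id(true);   // fresh session id once the user is authenticated
        $_SESSION['logged_in'] = true;
        $_SESSION['user'] = $user;
        redirect('dashboard.php');     // redirect after POST so "back" does not resubmit
    }
    $error = 'Invalid user name or password.';
}
?>
<form method="post" action="login.php">
    <?php if ($error !== '') { echo '<p>' . htmlspecialchars($error) . '</p>'; } ?>
    <input name="user"> <input name="passwd" type="password">
    <button type="submit">Log in</button>
</form>
```

Protected pages still need their own session check, as on the question's admin page; the cache headers only affect what the browser stores.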