Most sites naturally have two kinds of areas: a logged-in area and an unlogged area.
The code below shows how to efficiently restrict access for a user who is supposed to be in one of these areas but not both.
So here is the technique:
1) Set up a session variable as soon as he/she is logged in.
$_SESSION['loggedin']='yes';
2) Build an index of pages to be viewed by logged-in users only, and an index of pages to be viewed by unlogged users only.
$data=array('log'=>'member_profile.php,pay.php',
'ulog'=>'index.php,contact.php'
);
3) Now, at the top of every page or in a globally included file, keep this script, which checks whether the user on this page is logged in or not. If it is a page meant to be viewed by a logged-in user and he is logged in, nothing happens. If he is not logged in, he will be kicked out to the login page.
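a) Get the script name
//SCRIPT_NAME includes the leading path (for example /pay.php), so keep only the file name
$sname=basename($_SERVER['SCRIPT_NAME']);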
b) Check to see if it is a logged-in or unlogged script
$found=0;
$logged_only=0;
$ulogged_only=0;
foreach($data as $key=>$val)
{
    //each index entry is a comma-separated list of script names
    $data2=explode(',',$val);
    foreach($data2 as $val2)
    {
        //check to see if the script name exists
        if($val2==$sname)
        {
            $found=1;
            break;
        }
    }//inner for loop
    if($found)
    {
        if($key=='log')
            $logged_only=1;
        else
            $ulogged_only=1;
        break;
    }//if found
}
c) Now this script validates the user access.
if(isset($_SESSION['loggedin']) && $_SESSION['loggedin']=='yes')
{
    //Now we know he is logged in, and he is trying to access this page
    //meant for unlogged users, possibly using the back button. So we have
    //to stop him by redirecting him to the first page he sees after
    //logging in, which in my case is profile.php
    if($ulogged_only==1)
    {
        header('Location: profile.php');
        exit; //stop here, otherwise the rest of the page still runs
    }
}
else
{
    //Now we know he is not logged in, and he is trying to access this page
    //meant for logged users, possibly by typing the URL in the browser.
    //So we have to stop him by redirecting him to the login page,
    //prompting him to log in, which in my case is login.php
    if($logged_only==1)
    {
        header('Location: login.php');
        exit; //stop here, otherwise the protected page is still sent
    }
}
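A default-deny variant of the page index and access check described above, as an added example that is not the author's code: a page missing from the index is refused instead of served, and the decision is kept separate from the redirect so it can be checked on its own. The function names, the single ACCESS_MAP array and its entries for login.php and profile.php are assumptions for illustration.

```php
<?php
// Added example, not the author's code. ACCESS_MAP and both function names are assumed.
const ACCESS_MAP = [
    'member_profile.php' => 'log',   // logged-in users only
    'pay.php'            => 'log',
    'profile.php'        => 'log',
    'index.php'          => 'ulog',  // unlogged users only
    'contact.php'        => 'ulog',
    'login.php'          => 'ulog',
];

// Pure decision: returns 'allow', 'deny', or the page to redirect to.
function gate_decision(string $scriptName, bool $loggedIn, array $map): string
{
    $page = basename($scriptName);          // "/pay.php" -> "pay.php"
    if (!isset($map[$page])) {
        return 'deny';                      // page missing from the index: fail closed
    }
    if ($map[$page] === 'log' && !$loggedIn) {
        return 'login.php';
    }
    if ($map[$page] === 'ulog' && $loggedIn) {
        return 'profile.php';
    }
    return 'allow';
}

// Side effects live here; call this first thing on every page.
function enforce_gate(array $map): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $loggedIn = isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === 'yes';
    $decision = gate_decision($_SERVER['SCRIPT_NAME'] ?? '', $loggedIn, $map);
    if ($decision === 'allow') {
        return;
    }
    if ($decision === 'deny') {
        http_response_code(403);
    } else {
        header('Location: ' . $decision);
    }
    exit;   // without this the rest of the protected page still executes
}

if (PHP_SAPI === 'cli') {   // constructed requests, only to show the decisions
    foreach ([['/pay.php', false], ['/index.php', true], ['/admin.php', true]] as [$s, $in]) {
        echo $s, ' loggedin=', var_export($in, true), ' -> ', gate_decision($s, $in, ACCESS_MAP), "\n";
    }
}
```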
Hope this helps,
Suneel Kanuri
http://jmanage.coolguide.net