Loading a page when logging in and only when logging in

Question

I have a login page that when you login in successfully you will be redirected to a page called gallery.html. However, when you type in the url with /gallery.html it will take you to the page that im trying to secure with logging in. What's the best way to use a conditional statement to prevent the page from being opened by typing in the exact URL? like a check before the page starts to load,

Answer 1

I like to create a function to handle this kind of thing:

function loggedin() {
    if ( isset($_SESSION['user_id']) ) {
        return true;
    } else {
        return false;
    }
}

Or something shorter using a ternary operator:

function loggedin() {
    return (isset($_SESSION['user_id'])) ? true : false;
}

Now to make the check, simply call the function within an if statement:

if ( loggedin() ) {
    // only logged in users can see this
}

OR

if ( !logged_in() ) {
    // only users who aren't looged in can see this
}

Much easier than typing something like if (!isset($_SESSION['user_id'])) { every time!

Answer 2

Easiest way is using php. Save your gallery.html as gallery.php or enter below code on top of the gallery.html page before all the coding. Then use a SESSION variable ($_SESSION['userID'] in here) to store current login details.

<?php if(! isset($_SESSION['userID'])){ //userID or something to identify the user header('Location:login.php'); //redirects to the login page }else{ header('Location:gallery.php'); //redirect to the gallery.php for valid login } ?>

Answer 3

You need to set your login status in sessions and check for the session in your to-be-secured pages.

  <?php 
        session_start();
        if (!isset($_SESSION['login_status'])) {
              // Add permission denied message or redirect back to the login page
         }

   ?>

However, this can be done in PHP pages, not in a page with .html extenstion (unless you have explicitly specified your web server configuration with an "AddType x-httpd-php .html" directive.)

Answer 4

You have to set the cookie or session once the user is logging in. so you will set the session or cookie for the user. Every time while entering that particular url you have to check the session for showing that page or else redirect to the login page

Answer 5

Use $_SESSION variable in gallery.php to check if the $_SESSION is set.

Although, I believe you will have to change the file name from gallery.html to gallery.php

    <?php
    if (!isset($_SESSION['secret_variable'])
    {
        echo "<br/>Error Message<br/>";
        return;
    }
    ?>

Continue with the rest of the code. If the user access the gallery.php by specifying the URL, he/she will end up with Error Message.

The $_SESSION['secret_variable'] should be set after you figure out that the user has a valid username and password to ensure a valid login.

Thanks.. :)

Answer 6

There is no way of preventing someone from typing in the URL and requesting the page. THe only thing you'll be able to do is check if they are logged in on the page itself.

Answer 7

Simple, Use session variable on log-in, redirect the user to gallery.html if the session id is set, otherwise redirect to login page, something like this

if($_SESSION['userid']){
  header( 'Location: gallery.html' ) ;
  exit();
}elseif($_SESSION['userid'] == ''){
  header( 'Location: login.html' ) ;
  exit();
}

Answer 8

if you want to not show gallery.html to anonymous user, use this code at top of page

if(!isset($_SESSION['your_user_login_id']))
{
    //redirect to home page
}

this code will prevent from anonymous user to view this page.