redirect a user to the homepage when he access a page without logging in

Question

Well I have a question, See for example I have some web pages on my website like profile.php , photos.php and some more

Okay when user logs in he will be redirected to his profile.php but i got a question suppose if user enters this url without logging in like www.somewebsite.com/profile.php and hits enter. The browser will direct him to the profile.php page and the profile.php throws out errors like undefined variables and all because we load the profile.php page according to user input on the homepage

So I want to redirect user to homepage whenever he opens any webpage on mywebsite and send him a message that please login to continue.

So then I thought and I got a solution. I thought to use session_start() and give some session value on the index page and in all other pages i would check isset() so if session is set profile.php page executes else it will redirect him to homepage

Something like this

all otherwebpages will have this on the top

    <?php
    session_start();
   if(!(isset($_SESSION['unique'])))
    {
    header("Location: www.someexample.com");
            exit;

    }

but let me know is this the way to do? or is it a bad way of doing it? are there any better solutions in doing so. any help is greatly appreciated.Thanks

Answer 1

First, fix the errors that you get in your profile page if you access it directly.

This is most likely because you're accessing indexes that don't exist in your POST or GET variable.

Instead of doing this (assuming you are POSTing

$username = $_POST['username'];

Do this

$username = isset($_POST['username']) ? $_POST['username'] : '';//won't throw error

As for your session issue, have a file called (for example) loginCheck.php

Inside that file, you should have something like the following

   //session_start(); //session_start should be in an application wide global file

   //this code should only be in pages where you want to have login enabled
   if(!isset($_SESSION['user_logged_in']) || !$_SESSION['user_logged_in']) {
      header("Location: URL_TO_LOGIN_PAGE");
      exit;
   }

In your login page, after you've logged the user in successfully, set the variable in the session

//login success
$_SESSION['user_logged_in'] = true;
//store other stuff in the session like user settings and data

And when the user logs out

//login success
$_SESSION['user_logged_in'] = false;

Note that it's better to have two global common files. One that initializes your application and that is included in all your scripts (that starts the session as well) and another page that is included when you want to close off parts of the system that does the session check.

Answer 2

One better way to do it would be include a file like this on every page,

require('secure.php'); // MAKE SURE PAGE IS SECURE AND USER LOGGED IN

And secure.php would look like,

session_start(); // START SESSION
session_regenerate_id(); // REGENERATE ID OF SESSION
if(!isset($_SESSION['genuine'])) {
    header('Location: http://www.example.com');
    exit();
}

Answer 3

This is a pretty common way if doing this. Once after login you write into user session some data identifying this session as logged-in one. It can be a flag like you do, or more convinient - you can store some useful user information wich simplifies access to it on the another pages. For example the logged-in session:

$_SESSION = array(
    'isLogged' => 1,
    'user' => array(
        'id'        => 2134,
        'username'  => 'timwy',
        'firstname' => 'Tim',
        'lasname'   => 'Wood'
    )
)

Now on each page first of all you check if the value isLogged is set. This is just an example.

Answer 4

This way is right too.

But to optimize it you can write this session check code in one common file say header.php , & include this file in all other files which will reduce your efforts.