I am trying to make a website with a login form in php. The login documents that I have are:
login.html - is the login formloginproc.php - is where the data from the form is compared to my database and if a username and password exist in my database, it will take user to admin.phpadmin.php - is the admin section.
What I want to do is if the user puts in the URL index.php?page=loginproc, I want the user to be redirected to index.php?page=login. I have tried to do this with the code below.
else if ($_GET['page'] == 'loginproc' && !isset($_SESSION['username'])) {
header("Location:index.php?page=login");
}
My login form index.php?page=login should be able to go to index.php?page=loginproc but I want index.php?page=loginproc to be accessed when the user logs in not any time else.
Maybe you can use something like this:
if (stripos($_SERVER['HTTP_REFERER'], "index.php") === false) {
exit;
}
You need to set in header or the area which is called on every page
$page = $_SERVER['HTTP_REFERER'];
$user = $_SESSION['session_token'];
$userRole = $_SESSION['session_token_role'];
if($userRole != 'adminId'
&& $page != 'policy.php'){
continue;
}