This is the part that redirects in the "login.php" file.
if(isset($_SESSION['user'])){
if($_SESSION != ''){
header("Location: home.php");
}
}
This redirects from "home.php" file.
if(!isset($_SESSION['user'])){
header("Location: login.php");
}
if($_SESSION['user'] == ''){
header("Location: login.php");
}
How does this loop?
if($_SESSION != '')
This is always true. So, your $_SESSION['user'] is an empty string and from home.php you will redirect to login.php. Here $_SESSION['user'] is set, so you will redirect to home.php as well.