如何鎖定未登錄用戶的頁面

Question

如何在用戶嘗試訪問index.php時訪問index.php但未登錄get的重定向到login.php？

編輯

我還沒有嘗試任何事情，我只有代碼登錄用戶

Answer 1

你需要一個會話varaiable集：

// Required to set and read sessions 
session_start(); 
// Conditional if logged in 
if(isset($_SESSION['username'])) { 
     // do logged in stuff 
    } 
else 
    // Redirect if not logged in 
    header("Location: login.php"); 

Answer 2

當您啓動用戶會話，設置一個$_SESSION變量：

/* login_submit.php */ 

// Check if username and password are correct 
if ($username == $valid_username && $password == $valid_password) { 
    session_start(); // Start the session 
    $_SESSION["session_secret"] = "a_secret_string"; // Set a secret variable 
    header("Location: index.php"); // Redirect the user to index.php 
} 

然後，檢查該變量，看是否有用戶登錄：

/* index.php */ 

// Resume the session 
session_start(); 

// Check if the user is logged in 
if ($_SESSION["session_secret"] != "a_secret_string") { 
    // Nope! This user is NOT logged in! 
    header("Location: login.php"); // Redirect the user to login.php 
    exit(); // Exit the script so code doesn't get leaked 
} 

// Code for logged in users goes below 

記住，當用戶註銷使用session_destroy();