Hi Guys,
I’m having trouble with the below authentication check. If I try to access an area you need to be logged in to view without logging in I’m getting an infinite refresh loop on that page instead of being redirected to login.php. Problem is I can’t think of any other way to redirect, the Location header doesn’t work unless it’s first in the php script and up until now the refresh meta tag was working perfectly for all other redirects.
<?php
include('session_connection.php');
$loggedIn = false;
$sessionid = session_id();
$sessionQuery = "Select * from Users where SessionID = ". $sessionid .";";
$result = mysql_query($sessionQuery);
if(mysql_num_rows($result) > 0)
{
$_SESSION['user'] = mysql_fetch_assoc($result); //stores the row of user data in the 'user' reserved session array
$loggedIn=true;
}
else
{
if(basename($_SERVER['PHP_SELF']) != "login.php") //basename clips to the end of a url and _SERVER['PHP_SELF'] is a reserved variable holding the location of the currently executing script
{
echo '<META HTTP-EQUIV="Refresh" Content="0"; URL="login.php">';
exit;
}
}
?>