How to check if a user is logged in or not?

Question

I have two forms. One is for the registration form and the other is the login form. My login form is already working but when I try to access the registration from in localhost instead of prompting me the login page, I can still be able to access the registration from which is wrong.

It should prompt me to the login form first because I am not yet logged in.

How would I do it?

Answer 1

Here's one approach.

I assume you have a library script that's loaded by your pages. Somewhere in there, define a session on every page:

session_start();

Then, when the user logs in with valid credentials, save some information into the global $_SESSION array. For example, if you had a login($username, $password) function that returned a row from your user database (or a user object):

if ($user = login($username, $password)) {
    $_SESSION['user'] = $user->id;
    // Probably store some other stuff about the user here too
}

To check if you're logged in:

if (!empty($_SESSION['user'])) { /* .. */ }

And to log out:

$_SESSION['user'] = false;

Or

unset($_SESSION['user']);

Obviously this is simplistic, and you'll probably want to look at things like:

• Changing the default session ID with the session_id($id) function
• Creating an object or a series of functions around your session
• Auto-populating and refreshing information about your user

But this is a start.

Also see:

• The PHP session functions: http://us3.php.net/manual/en/ref.session.php
• How this is done in a real life PHP social networking engine: https://github.com/Elgg/Elgg/blob/master/engine/lib/sessions.php

Answer 2

Take a look at PHP Sessions. You can use $_SESSION to store peristent information about user, whether they have already registered or not.

Answer 3

You should check which form was submitted in your php code using the name attribute of your forms. So if your login form has the name="loginForm" and registration has name="regisForm"then in your code do this

  if(isset($_REQUEST['loginForm'])) {

     ...//do something with loginForm
  }
  else if(isset($_REQUEST['regisForm'])) {

  ..//do something with regisForm

 }

Answer 4

You have to store the information on whether the user is signed in or not in a way that enables you to check for it on every subsequent page. Usually this is done using the so called sessions - details would be too much for this anwer here - I strongly suggest you learn about sessions in PHP. Another (simpler) way would be to store the fact that the user is signed in in a cookie, but this is usually not as good as it can be tampered easily. But using cookies might be the quick and dirty approach until you learn the details of session variables. In any way you have to learn more for accomplishing your goal here. You might find that the easy looking tasks can become quite complex when you start implementing them. The easier things are for your users, the more work the coder has to do. But that's also what makes coding interesting in the long run... Don't give up.