form-validation/session_checks.php at master · aimaaan/form-validation · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
<?php
session_start();

// Initialize "loggedIn" session variable if it doesn't exist
if (!isset($_SESSION["loggedIn"])) {
    $_SESSION["loggedIn"] = false;
}

// Access session variables
if ($_SESSION["loggedIn"]) {
    echo "Welcome, " . $_SESSION["email"];
}

// Check for session expiry or forced logout
if (isset($_SESSION['expiry_time']) && time() > $_SESSION['expiry_time']) {
    // Save the intended destination before destroying the session
    if (isset($_SESSION['redirect_after_login'])) {
        $redirectAfterLogin = $_SESSION['redirect_after_login'];
    } else {
        // Default redirection if the expiry_time is reached and redirect_after_login isn't set
        $redirectAfterLogin = 'form.php';
    }

    // Destroy the session and start a new one for the redirect
    session_destroy();
    session_start();
    $_SESSION['redirect_after_login'] = $redirectAfterLogin;

    header('Location: index.php'); // Go to login page
    exit();
}

if (!isset($_SESSION['user_id']) || !isset($_SESSION['email'])) {
    // Store the current URL for redirection after login
    $_SESSION['redirect_after_login'] = $_SERVER['REQUEST_URI'];

    header("Location: index.php"); // Redirect to login page
    exit();
}

// If the user is logged in and attempts to access the login page,
// redirect them to their intended page or a default page.
if ($_SERVER['REQUEST_URI'] == 'form.php' && isset($_SESSION['redirect_after_login'])) {
    $redirectURL = $_SESSION['redirect_after_login'];
    unset($_SESSION['redirect_after_login']); // Clear the redirection target after use
    header("Location: $redirectURL");
    exit();
}