I am trying to make something where if a user tries to execute a function in my system when they are not logged in, it will popup a message saying they can't do it because they aren't logged in. They are then sent to the login screen when they press ok.
I also want it to redirect users back to the login screen if they type the url in directly, but this time without an error message.
I have:
$components = explode('/', $url, 3) ;
if(!isset($_SESSION['loggedin']) && $components[0] != 'access' && $components[0] != 'login')
{
echo json_encode('{"error": 2000, "msg": "You must be logged in to do that."}') ;
return false ;
}
Which is fine for Ajax, but wouldn't work if the url was typed in. The $components[0] != 'access' etc is to just stop this condition executing if the user is on the login screen.
How can I do this without the header location effecting the Ajax call and also not simply echoing the error message when the user visits a forbidden url?