Web siteme bir temel şifre korumalı alana inşa ediyorum ve ben bir giriş formu var.

<!-- login.php -->
<?php
session_start();
?>
<?php if(!empty($_SESSION['user'])) { ?>
<form>
    <input type="text" name="username" />
    <input type = "password" name = "password" />
    <input type="submit" value = "login" />
    <input type="hidden" name="token" value="KdasS2wFgw24F7hh" />
</form>
<?php } else { ?>
You are already logged in.
<? } ?>


<!-- dologin.php -->

<?php
$allowed = //sql checking db
if($allowed > 0) {
    $_SESSION['user'] = $row['user_id'];
}
header("Location: login.php");
?>