Simple answer is because they can access the login page ( even when logged in ).
Why == because there is nothing to stop them accessing the page.
You need something to redirect them away from that page.
Not knowing what TBDev version you are using - this is off the top of my head and un tested.
login.php
Find
Code:
require_once("include/bittorrent.php");
dbconn();
Add this below
Code:
if ($CURUSER)
{
header("Location: index.php");
exit;
}
Hope this helps.