What should be the correct authorization in PHP?
I read many different articles, in the end I was completely confused.
Tell me what should be the simplest but correct authorization on the site.
There is a site where index.php has 2 fields, login and password; when the user enters them and they match, there is a redirect to another script like this:
header("Location: main.php"); exit();
The idea is that only index.php is open to everyone, and then the user reaches the rest of the pages through the redirects.
But only now I realized that the site is accessible without any password via the site.ru/main.php link.
I tried to close everything except index.php via .htaccess (I planned to let it in from my own script), but it also doesn’t let me in when redirecting.
I also read about the method of defining a constant in index.php
define('HIGHT', true);
and checking it in the other scripts
if(!defined('HIGHT')) die('access denied');
But it seems that this only works if you use include, and not a redirect to another page!?
Do I understand correctly that in the end I should have all scripts open to everyone (= site pages in my case), but I need to check at the beginning of each page that the user is authorized (using the session mechanism), and that this is the only correct option?
Thanks in advance.
It is best to implement site navigation through a design pattern, for example, the most classic MVC / HMVC or component ones. Then you will have only one entry point to the system and you will not have to write checks, includes, etc. in each script.
Further, regarding the authorization itself, there are also a lot of implementation options, but the most minimal and more or less correct option is to organize a check on sessions or cookies: check for the presence of the session or cookies in a method; if present, the user is authorized, so redirect from the authorization page to the desired one, or serve content dynamically, depending on how your system is designed. If not, serve the content of the authorization page or redirect to it. SEO also matters here: if the authorization page needs to be indexed, then only redirect.
For sessions to work, it is not necessary to include anything; the main thing is that session_start() is always executed at the beginning of the script. As a result, the check will work on all your page scripts, which should redirect if the user is not authorized.
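A minimal session check of the kind discussed above, as an added example that is not part of the original thread. The file name auth.php, the function names, the form field names and the one-user credential store are all hypothetical; index.php and main.php are the pages from the question.

```php
<?php
// auth.php: added example. All function names and the sample user are hypothetical.
declare(strict_types=1);

// Constructed sample credential store; a real site would read hashes from a database.
function demo_users(): array {
    static $users = null;
    return $users ??= ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
}

function start_secure_session(): void {
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    session_set_cookie_params([
        'httponly' => true,                    // cookie not readable from JavaScript
        'samesite' => 'Lax',
        'secure'   => !empty($_SERVER['HTTPS']),
    ]);
    session_start();
}

// index.php calls this when the login form is posted.
function attempt_login(string $user, string $password): bool {
    start_secure_session();
    $hash = demo_users()[$user] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);               // fresh session id once authenticated
    $_SESSION['user'] = $user;
    return true;
}

// First statement of every protected page, such as main.php.
function require_login(): void {
    start_secure_session();
    if (empty($_SESSION['user'])) {
        header('Location: index.php');
        exit;                                  // without exit the page body still runs
    }
}

// index.php: require 'auth.php';
//            if (attempt_login($_POST['login'] ?? '', $_POST['password'] ?? '')) {
//                header('Location: main.php'); exit;
//            }
// main.php:  require 'auth.php'; require_login();
```

Requesting site.ru/main.php directly without a session now ends at the redirect in require_login(), which is the case the define()/defined() check cannot cover because a redirect starts a new request.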