0

I have a simple login page which works fine, now i need to somehow intercept all incoming requests to my PHP app so i can check if a user is logged or not and accordingly allow or deny access.

Currently, if someone knows the url of a given resource, let's say http:\www.mystuff.com\page.html, he or she can access it directly. What i want to achieve is to have said access attempt validated so if the person has not logged in, instead of seeing page.html he or she gets an "access denied" page.

how can that be done?

JK.
  • 21,477
  • 35
  • 135
  • 214
Prefijo Sustantivo
  • 515
  • 9
  • 22
  • 2
    Look into sessions. You start a session on every page and then check to see if they're logged in. If they're not, redirect to log in page. – waterloomatt Jun 17 '19 at 17:28
  • 2
    `...intercept all incoming requests...` depends on how you implemented your application. Did you use a _front controller_ pattern or are they accessing the PHP scripts directly? You could look into using `auto_prepend_file` in which you'd check session status - https://stackoverflow.com/a/18075712/296555. – waterloomatt Jun 17 '19 at 17:30
  • @waterloomatt Actually the app is legacy code. Just a bunch of html pages and php scripts with no defined architecture. Your suggestion put me in the right track. thanks. – Prefijo Sustantivo Jun 18 '19 at 20:52

0 Answers0