Sorry about posting another PHP thread! It may be another one I'm crap at explaining too.
Right, I've got a working registration and login page but now I actually need to setup a "check" for each restricted page to see if the user is authenticated.
So far I've just got this included on each page I want to be restricted but I was hoping for a more elegant solution which I didn't have to remember to include each time:
I've only got 3 pages which don't need authentication - they are /login, /register and the index /. I was thinking maybe it would be easier to deny access unless it's either of these 3 pages (or if the user isn't logged in).
Is this is an acceptable idea? and if so, would anyone be able to give me a hand implementing it?
I've now got everything going through a "singe point of entry" which should be an ideal place to do the check but I can't figure out the final part of actually checking which page the user is viewing.
Any help would be appreciated.
Right, I've got a working registration and login page but now I actually need to setup a "check" for each restricted page to see if the user is authenticated.
So far I've just got this included on each page I want to be restricted but I was hoping for a more elegant solution which I didn't have to remember to include each time:
PHP:
if(!isset($_SESSION['auth']) || $_SESSION['auth'] != 1){
die("not authorised");
}Is this is an acceptable idea? and if so, would anyone be able to give me a hand implementing it?
I've now got everything going through a "singe point of entry" which should be an ideal place to do the check but I can't figure out the final part of actually checking which page the user is viewing.
Any help would be appreciated.
Last edited: