Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Members only area

Tags:

html

security

php

session

membership

When building a page that is to be accessible to members only, is the following the correct php:

<?php if($_SESSION['logged_in']): ?>

// all code for page here

<?php endif; ?>

Does all of my html / php sit between these two lines?

Are there any other ways of doing this that are better?

What security issues should I be aware of?

My content is not particularly sensitive but may be in the future.

like image 353
Richard Bell Avatar asked Mar 11 '26 05:03

Richard Bell

2 Answers

Speaking strictly in terms of writing legible code, why not:

<?php
if (!$_SESSION['logged_in']) {
   header("Location: login.php");
   exit;
}
?>

<!-- // all code for page here -->

Or similar.

like image 99
Lightness Races in Orbit Avatar answered Mar 12 '26 17:03

Lightness Races in Orbit

A better way might be:

<?php if(!$_SESSION['logged_in']) { header('Location:loginpage.php'); exit; } ?>

Then your page can continue as normal, and a user who isn't logged in will get the login page instead.

Edit: added the required exit call as per the header documentation.

like image 40
shanethehat Avatar answered Mar 12 '26 18:03

shanethehat
Sign in to Comment

Related questions

Why does identical redirect function give me different behaviour
Filter query by CURDATE()
running PHP application on IIS 7
How to "Trim" an Audio File in Java, C# or PHP (For Browser)
SVN for PHP/MySQL

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!