Home/ Questions/Q 9180477
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-17T18:03:56+00:00

After it has been confirmed that the user is logged in, how should pages

  • 0

After it has been confirmed that the user is logged in, how should pages only members are allowed to see be shown?

For example

<?php
    start_session();
    if(isset($_SESSION[userLoggedIn]))
        echo 'welcome to the members area!';
    else
        echo 'You must log in first';
?>

OR

<?php
    start_session();
    if(!isset($_SESSION[userLoggedIn]))
        goto notLoggedIn;
?>
    welcome to the members area!
<?php
    notLoggedIn:
        echo 'You must log in first';
?>

OR

<?php
    start_session();
    if(isset($_SESSION[userLoggedIn]))
        include members.html;
    else
        include public.html
?>

I don’t like having too much HTML inside PHP.

When using the include/require solution, how do I make it so people can’t just go access the html file directily? For example include members.html; what’s stopping a user to type in the url ~/members.html? ATM I’m using WAMP but I’m guessing there’s a setting on the server?

EDIT: Ok this is what my plan is: create two directories public and private and make the webroot public. I’m going to have 1 page that checks to see if the user is logged in and if so the value from $_GET[‘destination’] will be used to include the correct page from the private directory. Any pitfalls I haven’t thought of?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I don’t like having too much HTML inside PHP.

    Good. Then move your HTML into HTML templates that handle the presentation logic:

     start_session();
 if(isset($_SESSION['userLoggedIn'])){
    require 'public_html/logged_in.php';

 }else{
    require 'public_html/public_area.php';
 }

    Better yet, create a function that loads these templates, like:

    function load_template($file, array $vars){
  extract($vars);
  unset($file, $vars);
  require func_get_arg(0);
}

    When using the include/require solution, how do I make it so people
    can’t just go access the html file directily?

    A few ways:

    • define a constant in the main script; check if this constant is defined in your template, exit if not
    • or pass a variable to your template that does the same thing
    • or put these templates outside the web root
    • or protect them with .htaccess rules

    I’m assuming here these templates are also PHP scripts. But of course you can also use some kind of templating system on top of PHP, or create your own…

    • 0