Home/ Questions/Q 9191967
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-17T20:48:53+00:00

I have followed MVC Pattern In my PHP pages. I have created a controller

  • 0

I have followed MVC Pattern In my PHP pages. I have created a controller page for every view page and which will interact with Model page. I have checked the Login of the User on the Top of the every View page. But I have Never checked in Controller page. Since It is possible to anyone enter directly to controller page and may change database content.

So anyone please tell me, is it possible to enter into database through controller page. And whether I need to check Login of the User in controller page.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If I understand correctly, you are putting a LOGIN check at the top of every linked page from your controller page (assuming your index.php).

    If so, then you don’t need to do a login check at the top of every one of your linked pages, only from the index.php. If your login succeeds at the top of your index.php, then you continue on to include your destined view page.

    For example (in your index.php)

    <?php

if ( !$user->checkSession() )
    header('Location: login.php');

if ( $_GET['p'] == 'viewPageName' )
    include('modules/viewPageName.php' )
elseif and so on

?>

    EDIT

    Now I have a better understanding of your question.

    Solution 1:
    In your index.php (place at top)

    <?php
define('DIRECT', true);

your login check, etc...
?>

    In your other files, put at the top

    <?php
if (!defined('DIRECT')) die('No direct access is allowed');

other code, etc...
?>

    Solution 2:
    Put an .htaccess file in the folder where all your other files are located, and deny direct access to those files.

    Put in the .htaccess the following:

    deny from all

    Solution 3:
    Well, assuming you’ve defined the $db file at the index.php and have set the class up in your index.php, your other files will return errors because you didn’t define your DB class in them.

    In other words, if you defined $db = new Database(); in your index.php, your other files will get an error if you try to access directly because $db has yet to be defined in them.

    • 0