Home/ Questions/Q 513331
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T07:24:42+00:00

This is maybe a stupid question, but I figured I’d ask before I did

  • 0

This is maybe a stupid question, but I figured I’d ask before I did something goofy:
I’ve got an web application with a custom Login dialog which takes a user/pass that gets sent to the server. If both match an entry in the database, then there is maybe 10 or so pages that the user gets access to (depending on the rights associated with that account)…pretty straight forward for the most part.

Of course, if the user attempts to access one of these pages without having actually logged in, or has insufficient privileges, then I’m required to bounce him or back to the Login page to type in a user name/password that would give them access.

My Question: It would seem that for me to do this, I am required to put a call at the top of each restricted PHP page which checks the credentials and redirects if they are missing or insufficient…Is this a sound approach? Or does PHP offer a more intelligent way which does not requires the call be duplicated in near-all pages of the application?

BTW: This is not an MVC app – Just straight PHP

Thanks!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Yeah; you’ll need to check on every page if this is simple PHP. This doesn’t need to be difficult though:

    if (!hasAccess($user, $page))
{
  header("Location: signin.php?redirecturl={$page}");
  die();
}

    And do your logic within hasAccess(). You can even include this logic within a separate file, and include it on all of your pages, keeping the code itself in one place in case you wish to make future updates to the criteria for access, or anything else.

    • 0