7
Good afternoon, I’m developing a PHP site in which there is a login screen, which redirects to the admin screen, but if I try to access this admin screen through the url, it usually opens.
I would like to block this direct access by url, redirecting to the login screen. How can I do this?
Thank you.
11
More simply, if you use pure PHP, you can do so:
session_start();
if (empty($_SESSION['admin'])) {
return header('location: login.php');
}
The empty will already assess whether the value of admin exists and at the same time whether he is a boolean. If it is false and/or if it does not exist, the user will be redirected to the login page (or any other one that you want to redirect);
Note: Because of the critical comments regarding the use of empty, I make a clarification: I do not use the isset because it would generate unnecessary code and would not apply to the case.
Using the function empty we treat at the same time two problems: The case of the person is not logged in, ie the variable $_SESSION['admin']does not exist; and if the variable has value false, for in that case empty returns false for values of the type false - and if the user is not admin can not see the page.
I would use the isset only to treat two different types of cases.
For example : differentiate logged-in user from logged-in user who is not admin.
session_start();
if (! isset($_SESSION['admin']) {
return header('location: pagina_de_usuario_nao_logado.php');
} elseif (isset($_SESSION['admin']) && $_SESSION['admin'] == false) {
return header('location: pagina_de_logado_mas_nao_eh_admin.php');
}
If I used the same form I used in the first example, dealing with isset, the code would have to stay like this:
if (! isset($_SESSION['admin']) || $_SESSION['admin'] == false) {
// ...
}
See how unnecessary the use of isset, if we were to replace the first form.
I tested here and is giving this error "syntax error, Unexpected '{' in.."
Lacked a ) that closes the if.
It worked, Thank you :D
@Deesouza slapped the code.
No need, the right answer is +1.
thanks @rray :) :)
need to use isset() before Empty().
No need. If the variable does not exist, Empty returns false. If it exists and is false, it returns false. If it exists and has true value, it returns true. No need for isset. Empty also does this job.
No need to use the empty, for session simply uses isset, the empty is only in case the value has been set to NULL.
Friends, I’m sorry, but I don’t think you know what you’re talking about. empty checks if an empty value. php considers empty array, null, false, 0, empty string and non-existent variable or index. There’s nothing wrong with the code. http://php.net/empty
Browser other questions tagged php login redirecting
You are not signed in. Login or sign up in order to post.
Session PHP. Has on your website ?
– Diego Souza
At first I was using Session, but it was giving some errors, then I changed
– Ricardo Afonso