  1. #1
    SitePoint Member
    Join Date
    May 2011
    0 Post(s)
    0 Thread(s)

    Access Control Question (Coding the correct way)

    Hi all,

    In Chapter 9 of Build Your Own Database Driven Website Using PHP and MySQL the access control version gives an example whereby a plain HTML page is served up and upon clicking on one of the links, the controller for say the authors is fired up and redirects you to the login page.

    Now I want to have the first page visited as the log in page e.g. Facebook.

    I have achieved the result I am after by removing the index.html page and replacing it with a controller page (index.php) which contains nothing other than:

    include 'home/index.php';
    This way the code still gets called as intended. However is this the 'correct' way to do things??? I have a suspicion that it isn't and I don't want to fall into bad habits.

    Thanks for your time and help.

  2. #2
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Burlington, Canada
    89 Post(s)
    6 Thread(s)

    Maybe someone that has this book is better placed to help you. However, if you need the first page of a site as the login.php then normally your site root is set to login.php as your directory index file; you normally set this where you manage your DNS and on the server where your site is hosted, normally as a virtual Apache or IIS host.

    From your login you do your authentication and redirect to a 'Denied', 'Try Again', or a random Internet page if their login fails, or redirect them to the controller if they pass authentication. Now the controller has to stop a would-be hacker from just bypassing the login page and hopping into your site, so in some way you need to ensure that anyone that gets to the controller is actually authenticated. If you do that then the [PHP] <?php require_once('home/index.php'); ?> is ok.

    Again, I understand this may or may not help, so don't let this confuse you, if someone with the book that understands how the controller is laid out, and the method of authentication.
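
The check described in the reply above, that every request reaching a controller is verified as authenticated instead of trusting that the visitor arrived through the login page, sketched as an added example (not code from the book or from either poster). The file name auth.php, the /login.php path, the user_id session key and the $findPasswordHash callback are assumptions; PHP 7.3 or later is assumed for the cookie options array.

```php
<?php
// auth.php: hypothetical shared guard, required first by every protected controller.

function start_secure_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_set_cookie_params([
            'httponly' => true,   // session cookie not readable from JavaScript
            'secure'   => true,   // assumes the site is served over HTTPS
            'samesite' => 'Lax',
        ]);
        session_start();
    }
}

function is_authenticated(): bool
{
    start_secure_session();
    return isset($_SESSION['user_id']);
}

// Call at the top of each controller, before any output or include.
function require_login(): void
{
    if (!is_authenticated()) {
        header('Location: /login.php');
        exit;   // without exit, the protected page would still be rendered and sent
    }
}

// $findPasswordHash is an assumed callback that returns the stored
// password_hash() value for the given e-mail, or null if there is no such user.
function log_in(string $email, string $password, callable $findPasswordHash): bool
{
    start_secure_session();
    $hash = $findPasswordHash($email);
    if ($hash === null || !password_verify($password, $hash)) {
        return false;   // same result for unknown user and wrong password
    }
    session_regenerate_id(true);   // fresh session ID after login blocks session fixation
    $_SESSION['user_id'] = $email;
    return true;
}

// The site-root index.php from the question would then read:
//   require_once 'auth.php';
//   require_login();
//   include 'home/index.php';
```

Because the guard runs inside each controller, requesting a controller URL directly gets the same redirect as arriving at the site root.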


