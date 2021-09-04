Well without seeing specifies I believe the main issue is you are not working off of a main structure/page setup. For example just looking at a “typical” setup you might see a url like myschoolsite.com/students and inside this student directory you would have an index.php page.

On this page you would make sure the student is logged in by checking for a student_id that has been saved to session. If they are NOT logged in you would use a header to direct the user to the log in page. If all is OK then other files can be included on the index.php page.

As for the page names I would never use both an .html AND a .php file extension in the name. In most cases I would use .php if any php is used on the page.

There are many ways to structure a site and whether want a student to go to a page like 20EAP_40_Qs.php directly with a link or have a page included after checks are made is up to you.

An example of how you might do it would be: With each load of index.php a query is made to check the pages/assignments the student currently needs to do or read AND has access to (remember due dates, only allowed access ONCE etc can restrict access to a page).

This query can build an array of $current_assignments , which might hold values like ’ 20EAP40Qs ', ‘ 20EAP40questions ’ .

$current_assignments = array('20EAP40Qs', '20EAP40questions');

Note:: No Underscores in the url as those are treated as spaces.

if a student clicks a link like

"myschoolsite.com/students/index.php?pg=20EAP40Qs"

you can do can do a check of this request against the $current_assignments array so only allowed content is shown and you are NOT making any queries based off of a GET URL and only allowed pages would pass.

if(isset($_GET['pg']) && !empty($current_assignments) && in_array($_GET['pg'],$current_assignments)){ include 'files/'.$_GET['pg'].'php'; }else{ include 'files/default_content.php'; }

This allows for a “Student Home Page” to be shown by default

Any form processing, i.e. “turning in assignments” should be at the TOP of the page just after you have checked that a student is logged in and before the ‘current_assignments’ query.

Once an assignment is turned in it should no longer be found in the query results for ‘current_assignments’ and thus not in that array.

If the page they are looking at is an informational page like 20EAP40Qs and you have a link in the page content to a questions page that should be fine.

"myschoolsite.com/students/index.php?pg=20EAP40questions"

Again you check of this request against the $current_assignments array.

So links a student will see on any page or menu are rendered by or validated by the $current_assignments array.

I am sure others will tell you other ways but this way you are never making a query based on a GET value and only including files the student has access to.