OK, I am trying to design a sort of security system for my website.
The idea is that people not logged onto the site (guests) should only be allowed to view certain pages. They shouldn't be able to know a URL to be used after login, enter that URL, and get to the page. I want to be able to write to the screen "access denied to this page" or something.
However, people that log on should be able to get to more of the pages without seeing an “access denied” error.
I was thinking about assigning each page a number, and then having a PHP include that takes that number, determines whether the user is a guest or not, and whether any particular rules for that page apply. If the tests fail, the PHP include (or security page, I suppose) will redirect the user to a notification page.
So basically, at the top of the page, there would be something like this on a page:
<?php
$pagenumber = 1;           // this page's number, read by security.php
include('security.php');
?>
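and the security include page would have a switch statement with some business logic:
<?php
// security.php -- assumes the login script sets $_SESSION['user_id'] (hypothetical key)
session_start();
switch ($pagenumber) {
    case 1:
        if (empty($_SESSION['user_id'])) {   // user not logged on
            header('Location: denied.php');  // redirect; denied.php is a placeholder name
            exit;                            // stop here so the rest of the page is not sent
        }
        break;
}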
So if someone enters http://www.mydomain.com/nonguest.php without having first logged in, the above rule would redirect.
Is something like this a good idea or can it be done another, easier, way?
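
An added example, not part of the original post: the page-number gate described above, written with a rule table that denies any page number it does not list. The `$_SESSION` keys, the role names, and `denied.php` are assumptions; each page must set `$pagenumber` and include this file before sending any output, because `header()` only works before the body starts.

```php
<?php
// security.php -- added illustration, not the poster's code.
// Assumptions: the login script stores $_SESSION['user_id'] and
// $_SESSION['role']; denied.php stands in for the notification page.

// Page number => who may view it. Any number not listed here is denied.
const PAGE_RULES = [
    1 => 'guest',   // public page
    2 => 'member',  // any logged-on user
    3 => 'admin',   // logged-on user whose role is admin
];

function page_allowed($pageNumber, array $session): bool
{
    // A page that forgot to set its number, or set an unknown one, fails closed.
    if (!is_int($pageNumber) || !isset(PAGE_RULES[$pageNumber])) {
        return false;
    }
    $loggedOn = !empty($session['user_id']);
    switch (PAGE_RULES[$pageNumber]) {
        case 'guest':
            return true;
        case 'member':
            return $loggedOn;
        case 'admin':
            return $loggedOn && ($session['role'] ?? '') === 'admin';
    }
    return false;
}

if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

if (!page_allowed($pagenumber ?? null, $_SESSION)) {
    header('Location: denied.php');
    // Without exit the script keeps running and the protected page body
    // is still sent to any client that ignores the redirect.
    exit;
}
```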