Prevent Direct Access To A Webpage By Typing The URL
Solution 1:
so your login screen should already have session code implemented into it that has a variable that specifies if the user is logged in or not. If you don't have that implemented yet, the code would look similar to:
<?php session_start();//at the very top of the page
?>
//... your own code
//if the user successfully logs in then:
$_SESSION['authenticated']=true;
Then on the booking.php page (it should be php to allow php scripts which is super important for validating if a user is logged in), you would then check if the user did log in. If he did, the rest of the page loads, if he didn't, you would redirect them to login.php:
at the very top of booking.php:
<?php session_start();
if (!isset($_SESSION['authenticated']))
{
//if the value was not set, you redirect the user to your login page
header('Location https://www.example.com/login.php');
exit;
}
else
{
//if the user did login, then you load the page normally
}
Solution 2:
- Use $_SESSION or
- Pass a variable from login.php to booking.php. And then authenticate every user based on the variable passed using the $_POST method.
eg.
if (!isset($_POST['auth'])) {
// redirect user back to login page
} else {
// successful login
}
Solution 3:
You can do it like
rename extensions of all pages where you want this authentification
e.g.
login.html >> login.php
booking.html >> booking.php
booking-suceess.html >> booking-success.php
create one script namely auth.php with following code
<?php
session_start();
if(!isset($_SESSION['username'])){
header("location:login.php");
}
?>
In login.php add session
$_SESSION['username'] = $_POST['username'];
Now you can add auth.php in any php page where you want login compulsory as follow :
include ('auth.php');
Post a Comment for "Prevent Direct Access To A Webpage By Typing The URL"