By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
449,423 Members | 1,327 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 449,423 IT Pros & Developers. It's quick & easy.

Redirecting first time users to login page

P: 3
Please note: I am urgently in need of a solution to this question,
for that i have posted this question in different forums so that i can get an answer as quickly as possibly. Please accept my apologies for any inconvenience caused.

Hi experts,
I have a application which consists of a login page and other application specific php file.
At present the users are able to access the application files directly through the url.

Now I want to have an access control feature implemented by which when a user first tries to access the files directly through url, they are redirected to the login.php page. and once the user is able to login successfully they are then redirected to the file requested previously and now he can access any of the application files by directly mentioning the url.

Now since I have about 1000 application specific file, please
let me know how i can implement this access control feature. As i dont want to including any session specific feature in all the 1000 files, it would be great if I have a centralized way of doing this.

Thanks in advance.
May 2 '09 #1
Share this Question
Share on Google+
3 Replies

P: 88
Hi, I dont see how you can do this without any form of session management which checks the user is authenticated on each page. If they try and access a URL when they aren't logged in, store that URL in a session variable redirect to the login, do the auth test then if success, record in a session variable they are authenticated then redirect to the original page using header() function.

Why did you write 1000 different files then do things like user authentication afterwards? I guess you could add something like:

Expand|Select|Wrap|Line Numbers
  1. <? include_once("check_session.php"); ?>
At the top of each of these pages and simply check in there if they are authenticated or not, if not then it redirects to a login page. I dont know any other way you can do this without using sessions, unless you can do something with htaccess, someone else may be able to help with that.

I know its not a firm answer but its a start for you to work on.
May 3 '09 #2

Expert 100+
P: 1,584

If I was in this situation, I would put all the files in a folder not accessible via URL (out of the web root folder)

Then I would have a .htaccess that would rewrite all URL to go to say "index.php". This index.php would need to check if this is the first time this user is accessing this URL (if you're not using session, I don't know what will help you, it's up to you to figure this out) session/cookies is the best way to go.

If not logged in, redirect to a login page (also passing the file they originally wanted) after login, redirect to another .php page...let's call it. "retrieve.php". This file takes the original file name the user wanted and goes to look for it in the "private" folder where the application files are. if found, it returns (includes it?) in retrieve.php, otherwise display an error saying file not found.

If you have any question, please let me know.

May 3 '09 #3

Expert 100+
P: 192
Dan's on the right track here. What you need to do is create a "hook" that will hook into certain processes before the page is rendered that can check that the user is logged in. This way you don't have to go back and alter all 1000 files you created. Your login check is done in one location, and run before the user is redirected to the requested page.

In Dan's example the index.php would kind of act as the hook, where you would check if the user was logged in, if so redirect to the requested page, if not, redirect to login.

So, short answer, what Dan said.

May 4 '09 #4

Post your reply

Sign in to post your reply or Sign up for a free account.