Redirecting first time users to login page

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • rajkpy
    New Member
    • May 2009
    • 3
    #1

    Redirecting first time users to login page

    Please note: I am urgently in need of a solution to this question,
    for that i have posted this question in different forums so that i can get an answer as quickly as possibly. Please accept my apologies for any inconvenience caused.

    Hi experts,
    I have a application which consists of a login page and other application specific php file.
    At present the users are able to access the application files directly through the url.

    Now I want to have an access control feature implemented by which when a user first tries to access the files directly through url, they are redirected to the login.php page. and once the user is able to login successfully they are then redirected to the file requested previously and now he can access any of the application files by directly mentioning the url.

    Now since I have about 1000 application specific file, please
    let me know how i can implement this access control feature. As i dont want to including any session specific feature in all the 1000 files, it would be great if I have a centralized way of doing this.

    Thanks in advance.
    Tags: apache, php, redirection
    • hoopy
      New Member
      • Feb 2009
      • 88
      #2
      Hi, I dont see how you can do this without any form of session management which checks the user is authenticated on each page. If they try and access a URL when they aren't logged in, store that URL in a session variable redirect to the login, do the auth test then if success, record in a session variable they are authenticated then redirect to the original page using header() function.

      Why did you write 1000 different files then do things like user authentication afterwards? I guess you could add something like:

      Code:
      <? include_once("check_session.php"); ?>
      At the top of each of these pages and simply check in there if they are authenticated or not, if not then it redirects to a login page. I dont know any other way you can do this without using sessions, unless you can do something with htaccess, someone else may be able to help with that.

      I know its not a firm answer but its a start for you to work on.

        Comment

        • dlite922
          Recognized Expert Top Contributor
          • Dec 2007
          • 1586
          #3
          Originally posted by rajkpy
          Please note: I am urgently in need of a solution to this question,
          for that i have posted this question in different forums so that i can get an answer as quickly as possibly. Please accept my apologies for any inconvenience caused.

          Hi experts,
          I have a application which consists of a login page and other application specific php file.
          At present the users are able to access the application files directly through the url.

          Now I want to have an access control feature implemented by which when a user first tries to access the files directly through url, they are redirected to the login.php page. and once the user is able to login successfully they are then redirected to the file requested previously and now he can access any of the application files by directly mentioning the url.

          Now since I have about 1000 application specific file, please
          let me know how i can implement this access control feature. As i dont want to including any session specific feature in all the 1000 files, it would be great if I have a centralized way of doing this.

          Thanks in advance.

          If I was in this situation, I would put all the files in a folder not accessible via URL (out of the web root folder)

          Then I would have a .htaccess that would rewrite all URL to go to say "index.php" . This index.php would need to check if this is the first time this user is accessing this URL (if you're not using session, I don't know what will help you, it's up to you to figure this out) session/cookies is the best way to go.

          If not logged in, redirect to a login page (also passing the file they originally wanted) after login, redirect to another .php page...let's call it. "retrieve.p hp". This file takes the original file name the user wanted and goes to look for it in the "private" folder where the application files are. if found, it returns (includes it?) in retrieve.php, otherwise display an error saying file not found.

          If you have any question, please let me know.



          Dan

            Comment

            • gregerly
              Recognized Expert New Member
              • Sep 2006
              • 192
              #4
              What Dan Said

              Dan's on the right track here. What you need to do is create a "hook" that will hook into certain processes before the page is rendered that can check that the user is logged in. This way you don't have to go back and alter all 1000 files you created. Your login check is done in one location, and run before the user is redirected to the requested page.

              In Dan's example the index.php would kind of act as the hook, where you would check if the user was logged in, if so redirect to the requested page, if not, redirect to login.

              So, short answer, what Dan said.

              Greg

                Comment

                Previous template Next
                Working...