Is the login function validation required on every page of the controller?
I have followed the MVC pattern in my PHP pages. I have created a controller page for each view page and will interact with the model page. I checked User Login at the top of each view page. But I never checked on the Controller page. Since everyone can directly enter the controller page and can change the contents of the database.
So please tell me if it is possible to login to the database via the controller page. And whether I need to check the User Login on the controller page.
source to share
If I understand correctly, you put a LOGIN check at the top of each linked page from your controller page (assuming you have index.php).
If so, then you don't need to do login validation at the top of each of your linked pages, just from index.php. If your login succeeds at the top of your index.php, you continue to include your intended browsing page.
For example (in your index.php)
<?php
if ( !$user->checkSession() )
header('Location: login.php');
if ( $_GET['p'] == 'viewPageName' )
include('modules/viewPageName.php' )
elseif and so on
?>
EDIT
Now I understand your question better.
Solution 1 :
In index.php (top place)
<?php
define('DIRECT', true);
your login check, etc...
?>
In your other files , put on top
<?php
if (!defined('DIRECT')) die('No direct access is allowed');
other code, etc...
?>
Solution 2:
Place the .htaccess file in the folder where all your other files are located and deny direct access to those files.
Paste the following into .htaccess:
deny from all
Solution 3:
Well, assuming you have defined the $ db file in index.php and set the class to index.php, your other files will return errors because you have not defined your DB class in them.
In other words, if you defined $ db = new Database (); in your index.php your other files will get an error if you try to access directly because $ db is not yet defined in them.
source to share