0

I tried to make PHP login and authentication system base on MVC. I even need some guide about how can I prevent to access all classes on controller/admin folder without proper login.

I have two ideas : 1- make constructor for all classes on admin folder and check for logged in session and then only allow calls to any other methods in that class.

2- add a secret word at the end of all methods name on my admin folder. Then all calls to those methods will redirected to __call function for check session and if that process done successfully then try to call admin's methods by adding that secret word.

I don't know which one is the better way or is there any other solution?

oreopot
  • 3,392
  • 2
  • 19
  • 28
M.J
  • 276
  • 1
  • 4
  • 13
  • first method is the correct way to prevent access all classes without proper login. – Ayyappa amara Dec 06 '17 at 07:17
  • Have you tried reading this: https://stackoverflow.com/a/9685039/727208 – tereško Dec 06 '17 at 10:36
  • @Ayyappaamara no, it is not. It is actually a terrible idea, because it causes serious maintainability issues ... aside from the bad practice of placing logic on a constructor's code. – tereško Dec 06 '17 at 10:37
  • so finally constructor check auth session is better than __call system? – M.J Dec 09 '17 at 14:58

0 Answers0