So I am in the process of making an admin panel for a client and I have set up a PHP class which is called Login::isAdminLoggedIn. So the way that I have to use this at the moment is by going through every page and adding it to the top.

Is there a way in which you can die() a whole directory e.g.

    --- Admin (die this one)
        --- index.php (inherited)
        --- logout.php (inherited)

As it takes a long time to go through and add them all and it's a lot of duplicated code.

If needed I can share the Login::isAdminLoggedIn class.

If it can't be done with PHP I am also using jQuery/Ajax on the pages so that is also an option.

--- EDIT HERE IS THE CODE ---

    <?php
    class Login {
        public static function isLoggedIn() {
            if (!isset($_COOKIE['TBCookie'])) {
                return false;
            }
            // Look the hashed cookie token up once instead of running the same query twice
            $rows = DB::query('SELECT user_id FROM login_tokens WHERE token=:token', array(':token' => sha1($_COOKIE['TBCookie'])));
            if (!$rows) {
                return false;
            }
            $userid = $rows[0]['user_id'];
            if (isset($_COOKIE['TBCookie_'])) {
                return $userid;
            }
            // Marker cookie has expired: rotate the token, drop the old one and reset both cookies
            $cstrong = true;
            $token = bin2hex(openssl_random_pseudo_bytes(64, $cstrong));
            DB::query('INSERT INTO login_tokens VALUES (\'\', :token, :user_id)', array(':token' => sha1($token), ':user_id' => $userid));
            DB::query('DELETE FROM login_tokens WHERE token=:token', array(':token' => sha1($_COOKIE['TBCookie'])));
            setcookie("TBCookie", $token, time() + 60 * 60 * 24 * 7, '/', NULL, NULL, TRUE);
            setcookie("TBCookie_", '1', time() + 60 * 60 * 24 * 3, '/', NULL, NULL, TRUE);
            return $userid;
        }

        public static function isLoggedInAdmin() {
            $userid = Login::isLoggedIn();
            // Skip the lookup entirely when nobody is logged in; an empty result set
            // (no row, or user not admin) is handled without an undefined-offset notice
            $rows = $userid ? DB::query('SELECT id FROM users WHERE id = :userid AND admin = 1', array(':userid' => $userid)) : array();
            if (!$rows) {
                die('You shouldn\'t be here <a href="index.php">Go Back</a>');
            }
            return intval($rows[0]['id']);
        }
    }

So how this works is it checks the cookie of the current user against one within a database of login_tokens which has a column for user_id; the user_id is then returned from isLoggedIn.

This is then passed into isLoggedInAdmin, which checks whether the user with that id in the users database also has an admin row equal to 1.

If admin is not found for the user, null gets returned, so the page will die and show its message.

If the user has admin row equal to 1 then I return the userID.

--- EDIT THE FUNCTIONALITY ---

If a normal user gets access to a link to the admin area, I kill the page, as they are not admin and I do not want them to see any confidential stuff on the back end that only admins are meant to see. This is done by calling the die function within PHP.

When an admin comes along everything carries on as normal and they can access everything.

--- EDIT THE PROBLEM ---

The thing that I am asking is if there is a way to die every page within, let's say, the "admin" directory without having to go through and add the isLoggedInAdmin() to the top of every page.

Dimsquid
    That "duplicate" does not help, this is an entirely different question about being able to kill all files in a directory if someone without the right params tries to go on that page. The other one is about listing all the files within a directory. – Dimsquid Mar 08 '19 at 20:02
  • Why would you want to call `die()`? What is the reason PHP files exist in that folder even though they should terminate execution? This is most likely an [XY problem](https://meta.stackexchange.com/questions/66377/what-is-the-xy-problem). – Pinke Helga Mar 08 '19 at 20:04
  • @Quasimodo'sclone It is an admin panel so If someone who is a regular user gets access to that area I wouldn't want them to be able to view any of the data. – Dimsquid Mar 08 '19 at 20:06
  • `die()` will stop the execution. You cannot properly include it anymore. Use `.htaccess` or even better the server/virtual-host config instead and force a `403 forbidden` response. – Pinke Helga Mar 08 '19 at 20:07
  • Yeah, that is what I need it to do. I will just add the code of the isAdminLoggedin @Quasimodo'sclone – Dimsquid Mar 08 '19 at 20:09
  • https://stackoverflow.com/questions/10773025/how-to-prevent-directory-access-and-show-forbidden-error-in-php – Pinke Helga Mar 08 '19 at 20:10
  • Apache 2.4: `Require all denied` https://httpd.apache.org/docs/2.4/upgrading.html This way you can include but not request anything from the specific folder. See also http://php.net/manual/en/ini.core.php#ini.auto-prepend-file , however, avoid using the latter when possible. – Pinke Helga Mar 08 '19 at 20:17
  • @Quasimodo'sclone But that would kill the page indefinitely to all users that wouldn't give the option for an admin to still be able to access the page. – Dimsquid Mar 08 '19 at 20:20
  • You mean in different tabs or what? I totally don't understand what your problem is – Flash Thunder Mar 08 '19 at 20:22
    Just use the `auto-prepend-file` option in that folder and conditionally respond a 403 or 404 header when not allowed. Or use `FallbackResource index.php` as the router script and place the includes in an unreachable place. I've told you almost all possible ways to do it. – Pinke Helga Mar 08 '19 at 20:25
  • @Quasimodo'sclone Thanks I will have a look at them and see how they work. – Dimsquid Mar 08 '19 at 20:33
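The `auto_prepend_file` approach from the comments, written out as an added example (it is not code from the question or from any of the commenters). A single guard script is prepended by PHP to every script under `admin/`, so no page in that folder needs its own `isLoggedInAdmin()` call. It assumes the `Login` and `DB` classes from the question are loadable from an assumed path `lib/Login.php`, and the file name `admin/_guard.php` and the server paths in the comments are placeholders:

```php
<?php
// admin/_guard.php -- assumed file name (added example, not from the question).
// PHP runs this before every script in admin/ once the directory sets
// auto_prepend_file, e.g.
//   admin/.htaccess  (Apache mod_php):  php_value auto_prepend_file "/var/www/app/admin/_guard.php"
//   admin/.user.ini  (PHP-FPM / CGI):   auto_prepend_file = /var/www/app/admin/_guard.php
// Both paths are placeholders; use the absolute path of this file on your server.

require_once __DIR__ . '/../lib/Login.php';   // assumed location of the Login/DB classes

/**
 * Returns the admin's user id, or null when the current request is not from an
 * admin. Same lookup as Login::isLoggedInAdmin() in the question, but without
 * die(), so the guard decides the HTTP response instead of each page.
 */
function adminUserId(): ?int
{
    $userid = Login::isLoggedIn();
    if ($userid === false) {
        return null;                      // no valid login token cookie
    }
    $rows = DB::query(
        'SELECT id FROM users WHERE id = :userid AND admin = 1',
        array(':userid' => $userid)
    );
    return $rows ? intval($rows[0]['id']) : null;   // empty result: logged in but not admin
}

$adminId = adminUserId();
if ($adminId === null) {
    // Non-admins get a real 403 and nothing else: the requested admin/*.php
    // script never starts, so none of its markup or data reaches them.
    // Cache-Control stops a shared cache from storing the response for the URL.
    http_response_code(403);
    header('Cache-Control: no-store');
    header('Content-Type: text/plain; charset=utf-8');
    echo "Forbidden\n";
    exit;
}

// Admins fall through and the requested admin page runs unchanged; the id is
// exposed so pages can use it without repeating the query.
define('ADMIN_USER_ID', $adminId);
```

A `php_value` line in `.htaccess` only takes effect with mod_php and `AllowOverride Options` (or `All`) on that directory; under PHP-FPM use `.user.ini` or the pool configuration, and note that `.user.ini` changes are picked up on the `user_ini.cache_ttl` interval rather than immediately. The guard is only invoked for PHP scripts, so any non-PHP files kept under `admin/` still need the web server's own access rule, which is where the `Require all denied` suggestion from the comments fits: keep the admin includes in a folder the web server refuses to serve and route requests through one front controller (`FallbackResource index.php`), so there is exactly one entry point to check.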

0 Answers