-1

I am using XAMPP for my project, and among the folders, there is an "admin" folder which contains the cpanel. The cpanel is custom hard coded for education purposes. I want to know how to restrict the access of any pages in that folder without logging in first. In that said folder, I have a login.php which is the login form and login.inc.php which handles the php sql.I want anyone who tries to access site/admin to get redirected to site/admin/login.php first if a session does not exist. I am aware that you can use <?php if(!isset($_SESSION['x']))?> , but it seems tiring to have to put it in every file page in that said directory just to force anyone who tries to access the pages. Is there any way to restrict access to any pages within the "admin" directory using .htaccess or other methods?

Lourd Nathaniel Gonzalez
  • 111
  • 8
  • "if a session does not exist" - You can't determine whether a specific PHP session variable exists (eg. `$_SESSION['x']`) in `.htaccess`. You could perhaps check if the session cookie is being passed in the request, but that's probably far too general to be of use in this scenario? – MrWhite Mar 25 '22 at 00:53

1 Answers1

1
  1. Use A header file and then just use require() or require_once() to include it on every page.
require_once('header.php')

you only need to edit the one file to update it on all pages.

https://www.geeksforgeeks.org/difference-between-require-and-require_once-in-php/#:~:text=The%20require()%20function%20is%20used%20to%20include%20a%20PHP,will%20not%20include%20it%20again.

  1. You can use .htaccess to redirect a directory.

Deny access to one specific folder in .htaccess

lineman60
  • 11
  • 1