Hello there, first of all hi everyone, this is my first post here.
i'm pretty new to PHP but i do know enough about programming to understand advices at any level.
Here is my question:
I've done a login algorythm which is working fine, everything is managed by an idex.php file in which using different criteria i'm importing different pages depending on the user action.
now, all is fine and pretty simple but i started wondering how to deny the direct access to php files.
For example, let's say that after a login session variable check i'm importing in the index.php file the add.php file. I want to impose that a person can access to add.php only passing through index.php and if they type /add.php it displays an error message.
One solution i was wondering consist of writing a simple session check in the beginning of the the add.php PHP script, if the session is defined keeps working, if not redirect to index.php.
This solution is fine in order to prevent unauthorized access, but still if a user that made the login correctly than type add.php it will pass the check, display the add.php file and the whole program will be compromised.
I found as possible solution something here:
But as often happen the discussion is pretty old and i was wondering if any possible alternative was suitable to the problem.
I'd like to not touch the .htaccess file as i'm not an expert, actually even if i'm working on a private server i'm not sure my provider give access to that file.
Thanks a lot for your help, cheers