How to deny url access if you have not logged in

Navigation
1

I have this code which is an administrator, the function is that when logging in it does not redirect but only includes the document .php and everything works, the problem is that when I have not logged in and put in the url admin.php example enter the file admin.php obviously without styles or anything but enter then I want to know what piece of code to put in mine and in which part.

I leave my code 

<?php
session_start();
include_once("header.php");
if ( isset($_SESSION['username']) ) {

  if (isset($_GET['close'])) {
    $_SESSION = array();
    session_destroy();
    include_once("login.php");
  } else {
    include_once("admin.php");
  }
} elseif ( isset($_POST['username']) && isset($_POST['password']) ) {

  require_once 'include/conexion.php';

  $user = mysqli_real_escape_string($conn, $_POST['username']);
  $pass = mysqli_real_escape_string($conn, $_POST['password']);

  $sql = mysqli_query($conn, "SELECT username FROM user WHERE username = '$user' AND password = '$pass' LIMIT 1");

  if(mysqli_num_rows($sql) === 1) {
      session_start();
      $_SESSION['username'] = $user;
      include_once("admin.php");
  } else {
      include_once("login.php");
   }
} else {
   include_once("login.php");
}
include_once("footer.php");
?>
    
asked by Giancarlo Andre Lopez Silva 26.09.2018 в 23:41
source

1 answer

0

The most common in these cases is to use htaccess. Create a .htaccess file inside the folder with the rule 

Deny from all

The other option is to move the files if possible, to a folder outside the main directory that is commonly called public_html

    
answered by 27.09.2018 в 01:01
Problem with pandas.DataFrame.cumsum function Why can not my programs do arithmetic calculations correctly?