I am setting up my website, I have a login section, but if I put the full url to the next page after login it is within reach, although it has no data, since I use PHP through POST, but I would like to know if there is any form inside my server so that even if you have the url you can not access without first logging in?
Thank you very much
To control any access easily, you just have to follow two steps.
1.- When logging in, create a session variable.
<?php
session_start();
// comprobación de login
// ...
if($login === true){
$_SESSION['user'] = $userId;
}
2.- When accessing any protected url, check if it has the active session by verifying that the user variable exists and has some valid value.
<?php
session_start();
if(empty($_SESSION['user'])){
header("Location:login-url.php");
}
Point 2 should go to the beginning of each file that needs to be protected.
This is the simplest, from now on it can be complicated as much as necessary.