Validating user authentication for all page

Question

I am using the HTML page on front end PHP for server side scripting. now the problem i have configuration page which can be loaded by disabling javascript on Mozilla setting.

Since i am using cookie to validate on the javascript

For avoiding this i need some thing i can call some php script onload without intimating user and verification return page

regards hemant

Answer 1

you can not call PHP onload (at least not without ajax, but then you're back in the javascript boat).
onload is a client side event and PHP runs on the server...

I can't really see what you're doing but my giess is:
what you want to do is create a PHP script which catches all requests and renders the correct page if the person is autorized. or something like that.

Answer 2

You could use a framework (such as using MVC etc.), even a really tiny one, and then authenticate your requests when you initialise your Controller.

Or if you want to custom code:

1. use rewriting (.htaccess on Apache) to capture all your requests and route them through a PHP file (eg index.php)

2. this file will authenticate the user and then explode the route requested (GET) to send them to their destination:

   $route = $_GET['route'];

Answer 3

Once you have the user authenticated successfully, store that information in $_SESSION array.

More info:

• PHP Sessions Tutorial
• PHP Sessions (php.net)

Answer 4

Couldn't you just do a check if there browser has JavaScript enabled or disabled? then use PHP session?

Moving away javascript based cookies, and possibly using php session to validate the login, or using php cookie.. that way the sites not dependent on the javascript, especially if its a security issue..

<script type=”text/javascript”>
    document.write('Javascript Loaded!');
</script>
<noscript>
   <div style=”color:#FF0000; font-weight:bold; text-align:center;”>
     Javascript must be enabled to see this site!
   </div>
   <meta http-equiv=”refresh” content=”0; url=http://www.yourdomain.com/nojs.php”>
</noscript>

this way you could redirect them to your php page for processing..?

Answer 5

我不确定您要问的是什么，但是如果您想保护站点的安全，并且您不介意是否只有一个登录名/密码组合，也可以使用.htaccess。