I am quite inexperienced when it comes to the topic of server-side user authentication.

I want to use as little PHP code as possible to achieve the following:

A user can log in to my app. If he does so, I will store all of that user's information, including the status of being authenticated, in an Angular service.

As a user navigates through my app, I need to check whether or not he is logged in. If he ain't, I need to redirect him immediately.

The question

Would it be enough to set up two session variables when the user has been logged in successfully and then do something like this on every route change, updating my service and handling the result client-side?

public function getLogStatus(){
    return 
      $_SESSION["isLoggedIn"] == "true" &&
      $_SESSION['useradr'] == $_SERVER['REMOTE_ADDR'] ? 
        true : false;
}
  • question is enough for what? Commented Jan 17, 2014 at 10:50
  • Thank you for your answer. I meant, would it be enough to ensure that a non-authed visitor could not gain access to the application? Commented Jan 17, 2014 at 10:52

1 Answer

Yes it IS enough.

But I suggest this:

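public function checkAuth(){
   // Redirect unless the session is marked as logged in and bound to the same client address
   if(empty($_SESSION["isLoggedIn"]) || $_SESSION['useradr'] != $_SERVER['REMOTE_ADDR']){
      header('Location: thePage.php');
      exit; // stop here, otherwise the calling method keeps running after the redirect header
   }
}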

and call it in the first line of every method that you don't want non-authed visitors to gain access to.

public function method(){

$this->checkAuth();
...
}
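
A server-side guard for the endpoints the Angular app calls, as an added example that is not part of the question or the answer: it fails closed with a 401 and stops execution instead of relying on the client to redirect. The function names isAuthenticated and requireAuth are hypothetical, and it assumes PHP 7.1+ and a login handler that stores the boolean true in isLoggedIn.

```php
<?php
// Added example, not the poster's code. isAuthenticated() and requireAuth()
// are hypothetical names; the session keys are the ones used in the question.

// Pure check over the two session values the question sets at login.
function isAuthenticated(array $session, array $server): bool
{
    // Strict comparison: only the boolean true counts, so a stored string
    // such as "false" can never pass as logged in.
    if (($session['isLoggedIn'] ?? false) !== true) {
        return false;
    }
    // Address binding as in the question; a missing value fails closed.
    $bound   = $session['useradr'] ?? '';
    $current = $server['REMOTE_ADDR'] ?? '';
    return $bound !== '' && $bound === $current;
}

// Call at the top of every endpoint that returns protected data.
function requireAuth(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!isAuthenticated($_SESSION, $_SERVER)) {
        http_response_code(401);   // the Angular service reacts to this status
        header('Content-Type: application/json');
        echo json_encode(['authenticated' => false]);
        exit;                      // nothing after the guard may run
    }
}

// Constructed sample input, evaluated only when run from the command line.
if (PHP_SAPI === 'cli') {
    $server = ['REMOTE_ADDR' => '203.0.113.7'];
    $cases = [
        'valid session'     => ['isLoggedIn' => true, 'useradr' => '203.0.113.7'],
        'no session data'   => [],
        'string "false"'    => ['isLoggedIn' => 'false', 'useradr' => '203.0.113.7'],
        'different address' => ['isLoggedIn' => true, 'useradr' => '198.51.100.9'],
    ];
    foreach ($cases as $label => $session) {
        printf("%-18s %s\n", $label, isAuthenticated($session, $server) ? 'allow' : 'deny (401)');
    }
}
```

The route-change check in the Angular service then only decides what to display; the data itself stays behind requireAuth() on the server.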