PHP Authenticate user for each page of website

Question

I'm developing a website, where in most of pages user need to log in to view pages of website. What is the best way to check if user is logged in or not, and if not redirect it to log-in page.

currently I'm using following code to do that.

if(!isset($_SESSION["username"]))   //I set the session when user log in and destroy when user logout
    header("location: login.php");

There are lot of pages and I put this code in every page. It also works well.

I want to know is there any other batter way to do this? Or what I'm doing is good way? and I don't need to change anything.

Answer 1

Simple Solution is create a file named as session.php

include your session checking code into that. Like,

if(!isset($_SESSION['YOUR_VAR'])) {
    header('Location: login.php');
}

include this file into all your pages, with include OR require

I prefer require function. example in your home.php file at the beginning of page write,

<?php
    session_start(); //don't forget to do this
    require('session.php');
?>

NOTE : In future if you enhance your session checking code you just have to change one file.

Answer 2

It is depend on you architecture. If you are using any framework, like symfony you don't need to handle these for each and every page. I guess you are using pure PHP without any framework support. So you need to check whether the user is authenticated for each and every request by your own. I suggest you to without placing code segment related to logout in every page, just place it in a global function and call it in your every page. So that, if you want any simple change in that code segment, you can achieve it only changing that global function

Answer 3

I usually just set a session like this once the user logs in:

$_SESSION['loggedIn'] = TRUE;

Then just check if TRUE or FALSE when needed.

ex:

if($_SESSION['loggedIn']){
    //Something here
} else{
    //Don't do it
}