Search⌘ K
AI Features
Home
Courses
PHP for the Web: Learn PHP without a Framework

A Secret Page

Explore how to create secret pages accessible only to logged-in users by leveraging PHP sessions and redirects. Understand the importance of terminating script execution after redirects to protect sensitive content and learn about the limitations of protecting associated image resources. This lesson guides you through managing user authentication states to safeguard secret pages effectively.

We'll cover the following...

Perks of logging in

Before we start building the login functionality, let’s give the user a good reason for logging in: a picture of the original elephpant from 2007. You can copy it from afieldguidetoelephpants.net (or you can download any other picture you like, of course). Here’s the code for public/secret.php, which should only be accessible to logged-in members:

PHP
<!DOCTYPE html>
<html lang="en">
<head>
    <title>Secret</title>
</head>
<body>
<p>Here's something special for users who are logged in:</p>
<p><img src="/elephpant.jpg" alt="An elephpant"></p>
</body>
</html>

Take a look at http://APPLINK/secret.php to see if it looks good:

Note: You don’t actually have to go anywhere and open any URL as we have already set everything up for you. We have used http://APPLINK just as a placeholder. The URL link on which the application will be available after running the code is located below the Run button of all the coding areas given in a lesson.

Redirecting to the login page

We want to ensure that only authenticated users can see the elephpant. Whenever an anonymous user requests /secret.php, they should be redirected to the login page, which we will create in the ...