Talk about people, recently I started to study php and I am facing some problems, the most recent was as follows.
I have a login / registration form and we have the following code.
<form action="/includes/login/class_registro.php" method="post">
<div class="input-container">
<input type="text" id="reg_username" required="required" name="username" autocomplete="off" />
<label for="reg_username">Usuario</label>
<div class="bar"></div>
</div>
<div class="input-container">
<input type="email" id="reg_email" required="required" name="email" autocomplete="off"/>
<label for="reg_email">Email</label>
<div class="bar"></div>
</div>
<div class="input-container">
<input type="password" id="reg_pwd" required="required" name="password" autocomplete="off"/>
<label for="reg_pwd">Senha</label>
<div class="bar"></div>
</div>
<div class="input-container">
<input type="password" id="reg_confirm_pwd" required="required" autocomplete="off"/>
<label for="reg_confirm_pwd">Repita a senha</label>
<div class="bar"></div>
</div>
<div class="button-container">
<button name="btn_rg" value="enviar"><span>Concluir</span></button>
</div>
</form>
The problem is that if the user does www.mysite.com/includes/login/class_registro.php he can access the file normally, so I did the following:
//Verifica se o acesso foi realizado diretamente pela URL
$enviou = (isset($_POST["btn_rg"]) && !empty($_POST["btn_rg"])) ? true : false;
if (!$enviou) {
header("Location: http://www.meusite.com.br/login");
}
//Verifica se o acesso foi realizado diretamente pela URL
But I was in doubt if there would be some way "better" to do this procedure, the same happens to www.mysite.com/includes/login/class_login.php