Restrict access to a folder on the server after being signed in

2

I have the following problem: I have 1 application used by 5 users ...

For each user there is a folder on the server, because for each one there is a configuration and some files are different, so the authentication links are:

  

user1 = www.meuservidor.com.br/pasta1
user2 = www.meuservidor.com.br/pasta2
user3 = www.meuservidor.com.br/pasta3
user4 = www.meuservidor.com.br/pasta4
user5 = www.myserver.com/pasta5

In the index of each folder, there is a login screen that authenticates via ajax against the database, using the login and password passed by the user, under the following conditions:

// If the user is not authenticated, show the login screen
// (|| rather than "and": a session missing either value is not authenticated)
if ( !isset($_SESSION['login']) || !isset($_SESSION['senha']) ) {
    // show the login form
}else{
    // show the restricted page
}

Example situation:

If I log in as user1 ... my session starts normally, but if I modify the URL I can access the index of the other folders ... since the session has already been started.

I need help blocking this.

    
asked by anonymous 07.10.2015 / 17:20

2 answers

1

Now, based on what you have described, the approach would be to create a rule within each PHP file that is in each folder (somewhat repetitive and less practical, but it meets your rule):

Within each file, add the rule that, if the user is not logged in, redirects to the login screen, for example:

if (!isset($_SESSION['login']) || !isset($_SESSION['senha']) ) {
    header('Location: ./login'); // or however you prefer to redirect
    exit; // stop the script, otherwise the rest of the page is still sent
}

Also check the user for each folder, like this:

if (!isset($_SESSION['login']) || !isset($_SESSION['senha']) ) {
    header('Location: ./login'); // or however you prefer to redirect
    exit; // stop the script, otherwise the rest of the page is still sent
} else if($_SESSION['tipo_usuario'] != 1) { // say we are in the file for pasta1; store the user type at login
    header('Location: ./pasta'.$_SESSION['tipo_usuario']); // concatenate the folder name to send the user to their own folder
    exit;
}

And in the (single) login, do the same thing to redirect after logging in:

header('Location: ./pasta'.$_SESSION['tipo_usuario']);
exit;

This is one of the ways to do it for your application; hope it helps.

Hugs

    
07.10.2015 / 17:48
0

I actually did it like this:

But the credit goes to @Mastria

// If the user is not authenticated, show the login screen
if ( !isset($_SESSION['login']) || !isset($_SESSION['senha']) ) {
    // show the login form
}else{
    // read the login only after isset() has confirmed it exists
    $user = $_SESSION['login'];
    if($user === 'user1'){
        // show the restricted page
    }else{
        echo "Acesso negado!";
    }
}

I've implemented this code in each user's index ... As there are only 5, it was not much work, but I understand that if the number of users increases I will have to rework the logic of the application.

Thanks to all who participated!

    
07.10.2015 / 18:04
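
An added example, not part of either answer: the per-folder check from both answers moved into one shared file, so adding a user does not mean editing every index. The file name guard.php, the session key `pasta` and the `/login` path are assumptions; the folder is taken from the including script's `__DIR__` rather than from the URL.

```php
<?php
// guard.php: hypothetical shared file; each folder's index.php starts with
//   require __DIR__ . '/../guard.php';
//   enforce_folder_access(basename(__DIR__));
// Assumption: the login script stores the user's own folder in the session,
// e.g. $_SESSION['pasta'] = 'pasta1' (this key is not in the original code).

// Returns 'login' (not authenticated), 'deny' (wrong folder) or 'allow'.
function authorize_folder(array $session, string $folder): string
{
    if (!isset($session['login'], $session['pasta'])) {
        return 'login';
    }
    // Strict comparison against the value fixed at login; $folder comes from
    // the directory of the script that is running, not from the request URL.
    return $session['pasta'] === $folder ? 'allow' : 'deny';
}

function enforce_folder_access(string $folder): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $decision = authorize_folder($_SESSION, $folder);
    if ($decision === 'login') {
        header('Location: /login'); // assumed path of the single login page
        exit; // stop here, or the restricted page would still be sent
    }
    if ($decision === 'deny') {
        http_response_code(403);
        exit('Acesso negado!');
    }
}

// Constructed sample sessions, printed only when run as `php guard.php`.
if (PHP_SAPI === 'cli' && realpath($_SERVER['SCRIPT_FILENAME']) === __FILE__) {
    $cases = [
        ['user1 in pasta1', ['login' => 'user1', 'pasta' => 'pasta1'], 'pasta1'],
        ['user1 in pasta2', ['login' => 'user1', 'pasta' => 'pasta1'], 'pasta2'],
        ['no session',      [], 'pasta1'],
    ];
    foreach ($cases as [$label, $session, $folder]) {
        printf("%-16s => %s\n", $label, authorize_folder($session, $folder));
    }
}
```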