DUVIDA 1
On my site I have PHP pages that register / login users, products, and other things, which I call through ajax. Is there any way I can not allow people to access these pages via URL?
Example: meusite.com/conexao/cadastro.php
DUVIDA 2 | Related to the first
To block access from restricted areas of the site I'm using:
if(!isset($_SESSION['user_logado'])){
header("Location: index.php");
exit;
}
Is this the best way?
If it is not the best, can it be considered safe?
Could you use this method for page protection mentioned in DUVIDA 1?
Would there be any conflict with ajax? since the person would not yet be logged in
DUVIDA 3
I'm not very experienced in PHP as I would like, so excuse ignorance, according to what I know, the PHP content of a page is not available for users to see, such as connection to DB, login and registration, and others, but I believe that such access is possible by brute force. Can I rely on PHP's own security or would I need to do additional security? As consulted in the first two questions.