Access Control Question (Coding the correct way)

Hi all,

In Chapter 9 of Build Your Own Database Driven Website Using PHP and MySQL the access control version gives an example whereby a plain HTML page is served up and upon clicking on one of the links, the controller for say the authors is fired up and redirects you to the login page.

Now I want to have the first page visited as the log in page e.g. Facebook.

I have acheived the result I am after by removing the index.html page and replacing with a controller page (index.php) which contains nothing other than:

<?php

include 'home/index.php';

?>

This way the code still gets called as intended. However is this the ‘correct’ way to do things??? I have a suspicion that it isn’t and I don’t want to fall into bad habits.

Thanks for your time and help.

@johnnyutah1980,

Maybe someone that has this book is better to help you. However, if you need the first page of a site as the login.php then normally your site root is set to login.php as your directory index file; you normally set this where you manage your DNS and on the server where your site is hosted, normally as a virtual apache or IIS host.

From your login you do your authentication and redirect to a ‘Denied’, Try Again’, or a random Internet page if their login fails, or redirect them to the controller if they pass authentication. Now the controller has to stop a would be hacker to just bypassing the login page and hoping into your site, so in some way you need to ensure that anyone that gets to the controller is actually authenticated. If you do that then the

 &lt;?php require_once('home/index.php'); ?&gt; is ok.

Again, I understand this may or may not help, so don't let this confuse you, if someone with the book that understands how the controller is layedout, and the method of authentication. 

Steve