0

I have multiple sites on the same server with small changes. The issue is that when a user logs in to site A and then enters site B via the URL, he is allowed to view the content. How can I restrict the user from viewing site B's content?

Below is my authentication code:

function validate_login($email, $password){
    global $_config;
    if(empty($email) or empty($password)){
        return false;
    }

    //Now perform validation here
    //$email = mysql_real_escape_string($email);
    //$password = mysql_real_escape_string($password);

    // NOTE: $where is built by concatenating user input and the escaping
    // above is commented out, so the query is open to SQL injection.
    $query_obj = new execute_query();
    $where = 'email="'.$email.'" and password = md5("'.$password.'")';
    $result = $query_obj->select_query(array('*'), 'user', $where);

    if($result->num_rows > 0){

        $user = array();
        while($row = $result->fetch_assoc()) {
            $user = $row;
            $user['is_logged'] = true;
        }

        session_start();
        $_SESSION['user'] = $user;
        $url = $_config['site_url'].'dashboard.php';
        //header('Location :'.$url);die;
        header("Location: ".$url);
        exit; // stop the script once the redirect header is sent
    }
    return false;
}

And at the top of every page I am checking the session like this:

<?php
session_start();
//echo "<pre>";print_r($_SESSION['user']);die;
if(!isset($_SESSION['user'])){
    $url = $_config['site_url'].'login.php';
    //header('Location :'.$url);die;
    header("Location: ".$url);
    exit; // without this the rest of the protected page is still sent
} ?>

P.S: One approach is to save unique_session_id in the database and check whether the user belongs to the current database or not. But I want a more generic and better solution.

Thanks

user1885057
  • Try adding $_SESSION['site1_session'], $_SESSION['site2_session'] in the separate sites and check whether session 2 is available when he is viewing the second site. – rahul Sep 23 '16 at 12:58
  • Yes, this is an option too. But I want to know a better approach. – user1885057 Sep 23 '16 at 13:00
  • Since they are under the same server, the session will exist in whichever site is under it. Now it's up to your logic whether to ask again for login authentication when they enter the other sites. – rahul Sep 23 '16 at 13:03
  • Yes, I want to ask the user for login authentication whenever they want to switch between sites. – user1885057 Sep 23 '16 at 13:06
  • Store sessions for both sites in a shared store, like a shared database or folder on the server. Then when you're known in one site the other also can use the session to check. – Kwebble Sep 23 '16 at 13:07

1 Answer

0

You could add an extra level to your session to store the 2 sites uniquely:

<?php
    session_start();

    if(!isset($_SESSION['siteA']['user'])) {
        $url = $_config['site_url'].'login.php';
        header("Location: ".$url);
        exit; // stop here so the protected page is not rendered
    }
?>

Now all you need to do is make sure the code in siteA and siteB knows what the key value is for each site, i.e. the siteA and siteB keys.

<?php
    session_start();
    $site = getSiteKeyFromConfig();

    if(!isset($_SESSION[$site]['user'])) {
        $url = $_config['site_url'].'login.php';
        header("Location: ".$url);
        exit; // stop here so the protected page is not rendered
    }
?>
RiggsFolly
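The per-site key from the answer above can be combined with a per-site session cookie name, so that site B never loads the session created on site A. This is an added example, not code from the question or the answer; the function names, the `$siteKey` and `$loginUrl` parameters and the example URL are assumptions, and the site key is expected to come from each site's own config.

```php
<?php
// Added example: per-site session isolation on a shared server.
// All names here are hypothetical; $siteKey comes from each site's config.

function site_session_start(string $siteKey): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    // One cookie name per site: PHP only loads the session whose ID is in
    // the cookie matching session_name(), so site A's session is not reused.
    session_name('SESS' . substr(hash('sha256', $siteKey), 0, 16));
    session_start(['cookie_httponly' => true]);
}

function site_login(string $siteKey, array $user): void
{
    site_session_start($siteKey);
    // Issue a fresh session ID when the user becomes authenticated.
    session_regenerate_id(true);
    $user['is_logged'] = true;
    // Same layout as the answer: the user lives under the site's own key.
    $_SESSION[$siteKey] = ['user' => $user];
}

function is_logged_in_to(string $siteKey): bool
{
    return isset($_SESSION[$siteKey]['user']['is_logged'])
        && $_SESSION[$siteKey]['user']['is_logged'] === true;
}

function require_site_login(string $siteKey, string $loginUrl): void
{
    site_session_start($siteKey);
    if (!is_logged_in_to($siteKey)) {
        header('Location: ' . $loginUrl);
        exit; // without exit the protected page would still be rendered
    }
}

// At the top of every protected page on site A (constructed values):
// require_site_login('siteA', 'https://a.example.test/login.php');
```

The check on `$_SESSION[$siteKey]` still holds if two sites end up sharing a cookie name, because a login on one site only ever writes under that site's key.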