When building a page that is to be accessible to members only, is the following the correct php:
<?php if($_SESSION['logged_in']): ?>
// all code for page here
<?php endif; ?>
Does all of my html / php sit between these two lines?
Are there any other ways of doing this that are better?
What security issues should I be aware of?
My content is not particularly sensitive but may be in the future.
Speaking strictly in terms of writing legible code, why not:
<?php
if (!$_SESSION['logged_in']) {
header("Location: login.php");
exit;
}
?>
<!-- // all code for page here -->
Or similar.