I have a .htaccess that denies access to all of my documents EXCEPT for the login page, which is apiLogin.php
. As shown in my code below:
<Limit GET POST>
order deny,allow
deny from all
allow from 127.0.0.1
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
DirectoryIndex apiLogin.php
<Files ~ "execute.php$">
Order Allow,Deny
Deny from All
allow from 127.0.0.1
</Files>
<Files ~ "printAPI.php$">
Order Allow,Deny
Deny from All
</Files>
<Files ~ "Orders.xml$">
Order Allow,Deny
Deny from All
</Files>
<Files ~ "Config.xml$">
Order Allow,Deny
Deny from All
</Files>
RewriteEngine On
RewriteRule (^|/)s_orderlist(/|$) - [F]
I want my execute.php
to allow redirection from apiLogin.php
AFTER a successful login(Which is already being checked by a form - I can't redirect it to the page however because the htaccess denies it / I need an exception). How do I achieve this? Do I do this through .htaccess or through php?
Allow execute.php
in ht access and add a session check.
session_start();
if($_SESSION["loggedIn"] != true){
echo 'not logged in';
header("Location: apiLogin.php");
exit;
}
And on apiLogin, when user login set session to true
$_SESSION["loggedIn"] = true;