The short of it:
Is it generally considered safe to "require()" an authentication.php file rather than actually have the code on each page for easy update?
The long of it:
(Clarity Edit: I realize that fully securing my site is out of my scope of possibility. I'm mostly just wondering if it's a 100% no-no to require the authentication code and it's a MUST to actually paste the hard code on each page. Or if generally inserting a single authentication code file at the top of pages needed is alright.)
I'm sorry, I'm sure this is a stupid question but I want to double check. I'm working on authenticating a portion of my site, and I have simple code like this so far to accomplish it (obviously some external functions not shown or needed):
<?php
if (!request_is_same_domain()) {
    redirect_to(url_for('/index.php'));
} else {
    if (!$session->is_logged_in()) {
        redirect_to(url_for('/mission_control/login.php'));
    } elseif ($session->account_type() != "admin") {
        $session->message = "Sorry you seemed to stray into an unknown area of the website";
        redirect_to(url_for('/mission_control/login.php'));
    }
}
?>
Is it okay to take this simple code chunk and break it off into a separate file that is hidden in a private directory, then "require()" it at the top of all pages that need authenticating? If the code isn't directly on the pages that need protecting does this leave me open to some type of workaround for "hackers"?
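The pattern the question describes, as an added example that is not part of the original post: one guard file pulled in with `require_once`, where the redirect is followed by `exit` so the protected page body is never sent. It assumes the login code stores `user_id` and `account_type` in `$_SESSION`; the file name, function names and include path are hypothetical.

```php
<?php
// auth_guard.php: added example; hypothetical file kept outside the web root.
// Assumption: the login code stores 'user_id' and 'account_type' in $_SESSION.
declare(strict_types=1);

const LOGIN_URL = '/mission_control/login.php';

/**
 * Pure decision: returns the URL to redirect to, or null when access is allowed.
 */
function admin_guard_target(array $session): ?string
{
    if (empty($session['user_id'])) {
        return LOGIN_URL;                       // not logged in
    }
    if (($session['account_type'] ?? '') !== 'admin') {
        return LOGIN_URL;                       // logged in, but not an admin
    }
    return null;
}

/**
 * Enforce the decision. header() alone does not stop the script, so exit
 * is what keeps the rest of the protected page from running after the redirect.
 */
function require_admin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $target = admin_guard_target($_SESSION);
    if ($target !== null) {
        header('Location: ' . $target, true, 302);
        exit;
    }
}

// In each protected page (the path is a placeholder for the private directory):
//   require_once __DIR__ . '/../private/auth_guard.php';
//   require_admin();

// Constructed sample sessions showing the three outcomes when run from the CLI.
if (PHP_SAPI === 'cli' && realpath($argv[0] ?? '') === __FILE__) {
    foreach ([[], ['user_id' => 7, 'account_type' => 'member'],
              ['user_id' => 1, 'account_type' => 'admin']] as $s) {
        echo json_encode($s), ' => ', admin_guard_target($s) ?? 'allowed', PHP_EOL;
    }
}
```

Using `require_once` with an absolute path built from `__DIR__` makes a missing or moved guard file a fatal error, so a protected page cannot load without its check.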