This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.
Please use forum.silverstripe.org for any new questions
(announcement).
The forum archive will stick around, but will be read only.
You can also use our Slack channel
or StackOverflow to ask for help.
Check out our community overview for more options to contribute.
So, basically I got a php file containing some information and so on. This site is accessable in the url even tho the user is not logged in to Silverstripe. Is there any special folder in which i can put this php file so a user need to sign in before accessing it. This is just a regular php file that i wrote myself. Or is there any speciel php check that i can use to see however an user is logged in?
Cheers
Or is there any speciel php check that i can use to see however an user is logged in?
You could check in your php file if $_SESSION['loggedInAs'] is not empty or otherwise exit the script.
session_start();
if (empty($_SESSION['loggedInAs'])) {
//header('Location: http://mydomain.com/Security/login');
exit;
}
// continue with some informationOn the other hand, it is more reasonable to completely yield to how things are done in a framework. The information you want to provide to authenticated users should be returned by a controller which responds to a route.
Yeah, i wanted to user this module at first, but it didn't support the PhP files and i wasn't able to extend the allowed types in any of the _config files.
https://github.com/silverstripe-labs/silverstripe-secureassets
Oh, it's possible with the secureassets module. But you should not use it for this, because there should not be any php scripts inside a upload directory. There is simply no reason for doing this or bad things will happen.
The only correct way to do this is with a controller.
https://docs.silverstripe.org/en/3.1/developer_guides/controllers/introduction/
That's true.
