
Emilian Balanescu and Cristian Darie

"Beginning PHP and MySQL E-Commerce: From Novice to Professional, Second Edition"

php (we'll take care of it in an exercise, you don't need to type it now):
// Class constructor
public function __construct()
{
  $this->mSiteUrl = Link::Build('', 'https');

  // Enforce page to be accessed through HTTPS if USE_SSL is on
  if (USE_SSL == 'yes' && getenv('HTTPS') != 'on')
  {
    header ('Location: https://' . getenv('SERVER_NAME') .
            getenv('REQUEST_URI'));
    exit();
  }
}

CHAPTER 10 ■ CATALOG ADMINISTRATION: DEPARTMENTS AND CATEGORIES 274
Note that the secure connection isn't enforced if the USE_SSL constant defined in
include/config.php is set to no. Setting the constant to no may be useful when developing the web site
if you don't have access to a real SSL-enabled server.
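The redirect decision described above can be pulled into a function that runs without a web server, which makes it easy to check what happens with USE_SSL on and off. This is an added example, not the book's code; SITE_HOST and https_redirect_target() are hypothetical names, and the sample requests are constructed.

```php
<?php
// Added example, not the book's code. SITE_HOST and https_redirect_target()
// are hypothetical names; USE_SSL mirrors the constant in include/config.php.
define('USE_SSL', 'yes');
define('SITE_HOST', 'shop.example.com'); // constructed value

// Returns the HTTPS URL to redirect to, or null when no redirect is needed.
// $server is normally $_SERVER; passing it in keeps the decision testable.
function https_redirect_target(array $server, string $useSsl, string $host): ?string
{
    if ($useSsl !== 'yes') {
        return null; // enforcement switched off, as on a development machine
    }
    // Accept the common spellings of "this request arrived over TLS"
    $https = strtolower((string) ($server['HTTPS'] ?? ''));
    if ($https === 'on' || $https === '1') {
        return null; // already on a secure connection
    }
    // REQUEST_URI comes from the request line: drop control characters and
    // require a leading '/' before it is placed in a Location header
    $uri = (string) ($server['REQUEST_URI'] ?? '/');
    $uri = (string) preg_replace('/[\x00-\x1F\x7F]/', '', $uri);
    if ($uri === '' || $uri[0] !== '/') {
        $uri = '/';
    }
    // The host is taken from configuration, not from the request
    return 'https://' . $host . $uri;
}

// Constructed sample requests
$samples = [
    'plain HTTP'   => ['REQUEST_URI' => '/index.php?Page=Admin'],
    'already TLS'  => ['HTTPS' => 'on', 'REQUEST_URI' => '/index.php'],
    'absolute URI' => ['REQUEST_URI' => 'http://other.example/index.php'],
];
foreach ($samples as $label => $server) {
    $target = https_redirect_target($server, USE_SSL, SITE_HOST);
    echo str_pad($label, 13), '=> ', $target ?? '(no redirect)', PHP_EOL;
}

// Inside a constructor the call would look like this:
//   $target = https_redirect_target($_SERVER, USE_SSL, SITE_HOST);
//   if ($target !== null) { header('Location: ' . $target); exit(); }
```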
Authenticating Administrators
Because you only want certain users to access the catalog administration page, you need to implement
an authentication and authorization mechanism that controls access to the sensitive pages
in the site. Users who want to access the catalog administration page should first authenticate
themselves. After you know who the user is, you decide whether the user is authorized to access
the administration page. At this stage, we'll only have two kinds of users: anonymous users, who
are regular visitors of your site, and administrators, who can access the administrative parts of the
site (later in the book, you'll let visitors create accounts on your web site, but we're not there yet).

