The short of it:
Is it generally considered safe to "require()" an authentication.php file rather than actually have the code on each page for easy update?
The long of it:
(Clarity Edit: I realize that fully securing my site is out of my scope of possibility. I'm mostly just wondering if it's a 100% no-no to require the authentication code and it's a MUST to actually paste the hard code on each page. Or if generally inserting a single authentication code file at the top of pages needed is alright.)
I'm sorry, I'm sure this is a stupid question but I want to double check. I'm working on authenticating a portion of my site, and I have simple code like this so far to accomplish it (obviously some external functions not shown or needed):
<?php
// Reject requests that do not come from the same domain.
if (!request_is_same_domain()) {
    redirect_to(url_for('/index.php'));
} else {
    if (!$session->is_logged_in()) {
        // Not logged in: send the visitor to the login page.
        redirect_to(url_for('/mission_control/login.php'));
    } elseif ($session->account_type() != "admin") {
        // Logged in, but not an admin account.
        $session->message = "Sorry you seemed to stray into an unknown area of the website";
        redirect_to(url_for('/mission_control/login.php'));
    }
}
?>
Is it okay to take this simple code chunk and break it off into a separate file that is hidden in a private directory, then "require()" it at the top of all pages that need authenticating? If the code isn't directly on the pages that need protecting does this leave me open to some type of workaround for "hackers"?
Technology is constantly evolving, and securing an application is really a broad topic to start with. Sometimes, no matter how much we like to keep our code secure, vulnerabilities will keep on coming. To keep your website secured and safe from any vulnerabilities, keep the server and its modules updated, but this will really be a lot more work than you think. That is, if you really put security in mind, you will truly give time to keeping the server up to date with the latest updates and maintain a stronger authentication method on who gets to access your server, for example by using SSH keys. But as I said, security is really a broad topic; technology keeps on evolving, and what we consider secure now might not be secure in the future.
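The guard from the question, moved into one file that each protected page loads with require_once; this is an added example, not code from the original post or either poster. DemoSession, admin_guard_target and enforce_admin are hypothetical names, and the question's url_for() and redirect_to() helpers are replaced by plain paths and header() because they are not shown on the page.

```php
<?php
// private/require_admin.php -- added example; keep this file outside the web root.
// Pages load it with: require_once __DIR__ . '/../private/require_admin.php';
// require_once (not include) makes a missing guard file a fatal error,
// so the protected page fails closed instead of rendering unguarded.
declare(strict_types=1);

// Stand-in for the question's $session object (assumption: the real class is not shown).
final class DemoSession
{
    public string $message = '';
    public function __construct(private bool $loggedIn, private string $type) {}
    public function is_logged_in(): bool { return $this->loggedIn; }
    public function account_type(): string { return $this->type; }
}

// Pure decision: returns the redirect target, or null when access is allowed.
function admin_guard_target(DemoSession $session, bool $sameDomain): ?string
{
    if (!$sameDomain) {
        return '/index.php';
    }
    if (!$session->is_logged_in()) {
        return '/mission_control/login.php';
    }
    if ($session->account_type() !== 'admin') {   // strict comparison, no type juggling
        $session->message = 'Sorry you seemed to stray into an unknown area of the website';
        return '/mission_control/login.php';
    }
    return null;
}

// Enforcement: a Location header alone does not stop the script, so exit.
function enforce_admin(DemoSession $session, bool $sameDomain): void
{
    $target = admin_guard_target($session, $sameDomain);
    if ($target !== null) {
        header('Location: ' . $target);
        exit;   // without this, the rest of the protected page still executes
    }
}

// Constructed checks, run only from the command line (php require_admin.php).
if (PHP_SAPI === 'cli') {
    var_dump(admin_guard_target(new DemoSession(true, 'admin'), true));
    var_dump(admin_guard_target(new DemoSession(true, 'user'), true));
    var_dump(admin_guard_target(new DemoSession(false, ''), true));
}
```

In a real page the call to enforce_admin() would sit at the bottom of the guard file, so that requiring the file is enough to enforce the check before any page output is produced.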