Im working on a site where a user has to be logged in to access most of the site.
if(is_authed())
{
include("change_email_form.php");
}
else
{
include("login_form.php");
}
I have PHP code as above. I check if the user is authorized to view the change_email_form, if so it will be displayed, if not, I prompt the user with the login_form.
My issue is this: since I include the form as above, if I know the URL, I can go directly to the form, and it is strictly an html form, no CSS, nothing. Can I set the permission on the form files so that if someone somehow guesses the URL to the form it wont be displayed? Other suggestions?
Thanks