$CLIENT_ID]);
try {
$payload = $client->verifyIdToken($id_token);
if ($payload) {
$user_domain = isset($payload['hd']) ? $payload['hd'] : '';
// Check if the user's domain is in the allowed list
if (in_array($user_domain, $ALLOWED_DOMAINS)) {
// SUCCESS: User is allowed
$_SESSION['user_id'] = $payload['sub'];
$_SESSION['email'] = $payload['email'];
$_SESSION['name'] = $payload['name'];
header("Location: " . $_SERVER['PHP_SELF']);
exit;
} else {
// FAIL: Valid Google account, but not on the allowed list
// We show a generic message to avoid revealing which domains ARE allowed.
$error_msg = "Access Denied: Your account is not authorized to access this page.";
}
} else {
$error_msg = "Invalid Google Token. Please try again.";
}
} catch (Exception $e) {
$error_msg = "Authentication error. Please contact support.";
}
}
// Check if user is logged in
$isLoggedIn = isset($_SESSION['email']);
// Handle Logout
if (isset($_GET['logout'])) {
session_destroy();
header("Location: " . $_SERVER['PHP_SELF']);
exit;
}
?>
Design Request Forms
