Hi guys. i was wondering if anyone could explain the logic behind the following program
a user who isnt logged in, requests a page. the page redirects to the login page and once logged in is redirected to the page he originally requested and not the default home page.
@ginerjmAug 13.2019 — #So - have you a better explanation of what you are looking for help with? You described the process you are trying to emulate but that's all. BTW - it is a very simple process to develop and begin using. Not so simple if you are trying to add it to an existing site and set of scripts.
@ginerjmAug 13.2019 — #I wont' give you the code but I will elaborate on your already envisioned plan.
Write a script that can be run to manage the input screen for the logging in. Have it validate the inputs and check the database for the correct data. Handle the result if the user has entered incorrectly by re-showing the login screen with an error message. If the info is correct set whatever token you need to recognize that the user is now logged in. Then go to a designated url. Design the script to look for a couple of session vars - one url for a successful login and one url for an unsuccessful one. Prepare these values from the calling script each time you need to trigger a login process. If you want the user re-directed back to the calling script then set the session var to that url.
@NogDogAug 13.2019 — #It's also possible to do without any redirects.
First, create a file that includes the following logic: <i> </i>if the user is logged in (e.g. user_id cookie is set, or however you want to do it) then do nothing else if a POST value is set indicating the login form was submitted then if the submitted data is correct then do nothing else display an error message display/include the login form (see below) exit; // so that nothing else gets processed endif else display/include the login form (action="" so that it still uses this URL/page) exit; // so that nothing else gets processed endif
Then any page that requires the user be logged in can simply require() that login file before anything else gets output. The login form HTML can be a separate include file, or a function within the login script, whatever...just so you only have to code it once.
@ginerjmAug 13.2019 — #I like the re-direct approach since that way I don't have to include the login script code in every other script that needs it. Plus if a user is logged in already then no code is brought into play at all. Simply a check for the "logged-in" token is sufficient. The login script is completely self-sufficient and the 2 session vars allow for the proper results to occur.
I can see that argument, though it's just a one-liner on each page that needs it: <i> </i>require 'path/to/login.php';
It's a little bit more processing server-side, but there's no extra HTTP transactions to do the re-directs. So depending on priorities and style preferences, I'm okay with either.