Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
BOOK: Beginning PHP4/PHP 5 ISBN: 978-0-7645-4364-7; v5 ISBN: 978-0-7645-5783-5
This is the forum to discuss the Wrox book Beginning PHP4 by Wankyu Choi, Allan Kent, Chris Lea, Ganesh Prasad, Chris Ullman; ISBN: 9780764543647
Welcome to the p2p.wrox.com Forums.

You are currently viewing the BOOK: Beginning PHP4/PHP 5 ISBN: 978-0-7645-4364-7; v5 ISBN: 978-0-7645-5783-5 section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developersí questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Display Modes
  #1 (permalink)  
Old February 3rd, 2004, 07:41 PM
Authorized User
 
Join Date: Jan 2004
Location: , , .
Posts: 13
Thanks: 0
Thanked 0 Times in 0 Posts
Default PHP/Design issue

I wondering how if anybody had any ideas how to write this. I want to have a page that is restricted to only registered users. A non-registered/non-loggedin user can click on a restricted page which takes them to a log in screen, they login and then the server takes them to the restricted page.

Whats the best way to do this? Store the restricted page's address in a hidden input field in the loggin screen (and load when user is loggin in)?

I need some feedback!

Reply With Quote
  #2 (permalink)  
Old February 4th, 2004, 04:36 AM
Authorized User
 
Join Date: Sep 2003
Location: Cambridge, , United Kingdom.
Posts: 41
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
quote: A non-registered/non-loggedin user can click on a restricted page which takes them to a log in screen, they login and then the server takes them to the restricted page.
There are a number of ways to deal with sort of situation. and therefore I would like to know if you are using a database. If so what package are you using? Personally with PHP I would use MySQL, but I know it is not to everyone's tastes, and if you are using the beta of PHP5, I know MySQL is not natively supported, and compiling programs can have a tendency to scare people who aren't used to it (Like me!!!)

Sorry I can't be of more help yet, but I will (hopefully) help you a lot more when you provide this information. (But I promise you, cookies will be used in my solution. Coincidently if anyone knows a situation that doesn't use cookies I would greatly appreciate it. I need to set up something similar to this without cookies.)

Sincerely,

---
David Thorne, Student
UK
Reply With Quote
  #3 (permalink)  
Old February 4th, 2004, 01:31 PM
Friend of Wrox
Points: 2,570, Level: 21
Points: 2,570, Level: 21 Points: 2,570, Level: 21 Points: 2,570, Level: 21
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: San Diego, CA, USA
Posts: 836
Thanks: 0
Thanked 0 Times in 0 Posts
Default

There are two simple solutions to this problem. The first you've already mentioned -- store the original link in some hidden form input field.

The other way is to store the original link in a session variable.

When you think about it, storing the original link in a hidden form field is just one way of persisting data -- something that the session variable was *designed* to do... so why not use it?


Here's a simple example:

<?php // login_check.inc.php

if (!logged_in()) // assume that you've written logged_in().
{
    $_SESSION['original_url'] = $_SERVER['PHP_SELF']
    header("Location: login.php");
    exit();
}

?>


<?php // Any password-protected page:
session_start();
require_once('login_check.inc.php'); // redirects anyone who's not logged in.

// Here we can assume that everyone's logged in.
// Proceed with the rest of the script.

...

?>

<?php // login.php
session_start();

if (isset($_POST['username'] && $_POST['password']))
{
    // validate user login.
    ...

    $target_url = isset($_SESSION['original_url'])
                    ? $_SESSION['original_url']
                    : 'member_main.php';

    if (login_valid)
    {
        header("Location: {$target_url}");
        exit();
    }
    else display some invalid login error
}

// generate the login form here.
...
?>


Hope the above gives you ideas.


Take care,

Nik
http://www.bigaction.org/
Reply With Quote
  #4 (permalink)  
Old February 4th, 2004, 09:05 PM
Authorized User
 
Join Date: Jan 2004
Location: , , .
Posts: 13
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I'm using PHP 4.3.4 with MySQL 4.18 (i think).

nikolai, i like you're session implementation, so i'm going to try that. So you pretty much think that's the best way? Anyway, it seems pretty good to me.

Thanks

Reply With Quote
  #5 (permalink)  
Old February 4th, 2004, 09:53 PM
Friend of Wrox
Points: 2,570, Level: 21
Points: 2,570, Level: 21 Points: 2,570, Level: 21 Points: 2,570, Level: 21
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: San Diego, CA, USA
Posts: 836
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Well, it's not by itself the best way, but it's the backend to what I'd consider one of the better ways. Remember, whenever there's more than one way of doing something, there's bound to be arguments why each way is "better" than any of the others...

In my example, I used a separate include file to control forcing registered users. In practice, I'd probably define all my user-authentication functions in a single file (user_auth.inc.php or whatever), and write a function to protect the page.

This file would also be where you'd write logged_in() and the code that validates username/password combos.



Take care,

Nik
http://www.bigaction.org/
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Design issue davetx C# 2005 3 February 16th, 2008 01:30 PM
Design issue DeborahP Access 1 March 24th, 2007 09:57 AM
Design issue debuajm Reporting Services 0 April 24th, 2006 09:11 AM
Java Design issue with UML and Design Patterns the_logical_way Apache Tomcat 0 May 31st, 2004 05:02 AM
MVC Design Issue gopalkis J2EE 3 September 22nd, 2003 12:15 AM



All times are GMT -4. The time now is 03:12 AM.


Powered by vBulletin®
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.