Need help with Log-In page and routing

doubledee

08-25-2011, 06:37 AM

So I have finally figured out how to Register and Log-In users!

One mini-victory!

Now a user reading "Postage Meters can save you money" can either Log-In or Register and then land back where they were at and add a comment to the article page.

All fine and dandy, however, now I want to expand where people can Log-In and Register, and more importantly I need a strategy to handle routing people after they Register/Log-in?!

Currently, I capture which Article a user is reading and stored "ReturnToPath" in the SESSION from the "article.php" page which is a dynamic page that serves up different articles.

That works fine, but not for other situations.

I have since added Log-In and Register links to my Page Header.

If a user is on "index.php" and Logs-In, I suppose they should be brought back to "index.php"?!

In most cases I would assume this is the behavior you'd want, right?)

But if a user were Checking Out and on Step #1, after they log in, they would probably want to proceed to Step #2.

For now, I guess I need a way to keep what I have (i.e. When a user is on some article, wants to Log-In to comment, then take them back to that Article) but for any other pages, if a user is on Page-A and wants to Log-In, then take them back to Page-A.

Not sure if this is making any sense?!

(*Hint: Right now, I only capture "ReturnToPath" in "article.php" so that is a problem...)

Thanks,

Debbie

Fou-Lu

08-25-2011, 02:29 PM

Capture returntopath in any page you want to be returnable. Otherwise, have them unset.

doubledee

08-25-2011, 05:54 PM

Capture returntopath in any page you want to be returnable. Otherwise, have them unset.

Not sure I follow.

It seems to me what I need to do is capture the page a user is on, store it somewhere (e.g. Database, Cookie, Session) and then pass that to "log_in2.php" and then have that script return the user back to said page.

From everything I've researched, using HTTP_REFERER is a *bad* idea...

If you are on "some_page.php" and click on the "Log-In" hyperlink in my page header, how can I take a snap-shot of where you are at as you click on the link??

Debbie

Fou-Lu

08-25-2011, 07:03 PM

How did you do it on the articles page? Its the same thing.

doubledee

08-25-2011, 07:37 PM

How did you do it on the articles page? Its the same thing.

Well one problem is that to do things the way I did it with...

Article ---> Log-In ---> Article

is that I'd have to put...

$_SESSION['returnToPage'] = $_SERVER['SCRIPT_NAME'];

..on every page on my website.

The more logically approach is "Don't call us, we'll call you."

Either...

1.) When a user clicks on the "Log-In" link on any given page, I then capture wherever they are at and send it to the "log_in.php" script, or

2.) When a user lands on "log_in.php", that page somehow looks to see where the user came from, athough everything I have read says that HTTP_REFERE is insecure and a poor choice.

----

I want my Log-In to work like Amazon.com where you click on a link and are taken to a dedicated Log-In page. (I may change that design later, but for now I want Logging-In to be a focused activity.)

I am also confused how all of this will work if 50% of my pages have "pretty URL's" and rely n my mod_write to convert them to URL's with Query Strings and then the other 50% of my pages are just "index.php", "contact_us.php", "upcoming_events.php"

Sorry for being so confused, but this is harder to conceptualize and implement than you'd think for a newbie?! :eek:

Debbie

Fou-Lu

08-25-2011, 08:04 PM

doubledee

08-25-2011, 08:22 PM

So you're wanting these to become magically populated?
HTTP_REFERER isn't any more insecure than anything else provided by a user; it's just irrelevant. There is no guarantee of this being provided to you in any way shape or form, and is why we typically use sessions to determine where a client last accessed.
The useful options I see are to create a global file used for all session handling which you can use to determine which pages to establish a return to path on; use a database to completely control sessions and determine if the last page is returnable; convert to an OO system that uses interceptors to establish last relevant location and send back when necessary.
'Pretty urls' are irrelevant. If a SID is not passed via a cookie, then you'll need to figure out a way to pass it through your urls, but aside from that none of the referring information is required to come from a querystring. What PHP will require is a querystring.

Not expecting anything "magically", but unsure of how to pass or capture the "returnToPath".

Maybe I should just add this to the top of every file in my website that has the Log-In Header...

$_SESSION['returnToPage'] = $_SERVER['SCRIPT_NAME'];

...and then if they click on the Log-In link I will have captured where they were at.

I dunno, that just doesn't seem very sophisticated and requires I remember to add the code to the right pages.

Seems like there would be a better approach?!

Debbie

Fou-Lu

08-25-2011, 08:33 PM

That won't work either. If a user moves from a page to another page that does not capture their location, and then logs in it will end up at the previous article instead of at the index. A simple global script will do this:

<?php
session_start();
$aReturnable = array('article.php', 'anotherscript.php'); // Or draw these from a datastore.
// Or you can create an array of not returnable and invert the in_array check.

$sPath = basename($_SERVER['SCRIPT_NAME']);
if (in_array($sPath, $aReturnable))
{
$_SESSION['returnToPath'] = $_SERVER['SCRIPT_NAME'] . (isset($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : '');
}
else if (isset($_SESSION['returnToPath']))
{
unset($_SESSION['returnToPath']);
}

You can do a lot more to verify that url as valid to a previous page, but I'm not going to bother on this.