Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 8 of 8
  1. #1
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,108
    Thanks
    27
    Thanked 0 Times in 0 Posts

    Need help with Log-In page and routing

    So I have finally figured out how to Register and Log-In users!

    One mini-victory!

    Now a user reading "Postage Meters can save you money" can either Log-In or Register and then land back where they were at and add a comment to the article page.

    All fine and dandy, however, now I want to expand where people can Log-In and Register, and more importantly I need a strategy to handle routing people after they Register/Log-in?!


    Currently, I capture which Article a user is reading and stored "ReturnToPath" in the SESSION from the "article.php" page which is a dynamic page that serves up different articles.

    That works fine, but not for other situations.

    I have since added Log-In and Register links to my Page Header.

    If a user is on "index.php" and Logs-In, I suppose they should be brought back to "index.php"?!

    In most cases I would assume this is the behavior you'd want, right?)

    But if a user were Checking Out and on Step #1, after they log in, they would probably want to proceed to Step #2.

    For now, I guess I need a way to keep what I have (i.e. When a user is on some article, wants to Log-In to comment, then take them back to that Article) but for any other pages, if a user is on Page-A and wants to Log-In, then take them back to Page-A.

    Not sure if this is making any sense?!

    (*Hint: Right now, I only capture "ReturnToPath" in "article.php" so that is a problem...)

    Thanks,


    Debbie

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    Capture returntopath in any page you want to be returnable. Otherwise, have them unset.

  • #3
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,108
    Thanks
    27
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Fou-Lu View Post
    Capture returntopath in any page you want to be returnable. Otherwise, have them unset.
    Not sure I follow.

    It seems to me what I need to do is capture the page a user is on, store it somewhere (e.g. Database, Cookie, Session) and then pass that to "log_in2.php" and then have that script return the user back to said page.

    From everything I've researched, using HTTP_REFERER is a *bad* idea...

    If you are on "some_page.php" and click on the "Log-In" hyperlink in my page header, how can I take a snap-shot of where you are at as you click on the link??


    Debbie

  • #4
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    How did you do it on the articles page? Its the same thing.

  • #5
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,108
    Thanks
    27
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Fou-Lu View Post
    How did you do it on the articles page? Its the same thing.
    Well one problem is that to do things the way I did it with...

    Article ---> Log-In ---> Article

    is that I'd have to put...

    Code:
    $_SESSION['returnToPage'] = $_SERVER['SCRIPT_NAME'];
    ..on every page on my website.

    The more logically approach is "Don't call us, we'll call you."

    Either...

    1.) When a user clicks on the "Log-In" link on any given page, I then capture wherever they are at and send it to the "log_in.php" script, or

    2.) When a user lands on "log_in.php", that page somehow looks to see where the user came from, athough everything I have read says that HTTP_REFERE is insecure and a poor choice.

    ----

    I want my Log-In to work like Amazon.com where you click on a link and are taken to a dedicated Log-In page. (I may change that design later, but for now I want Logging-In to be a focused activity.)

    I am also confused how all of this will work if 50% of my pages have "pretty URL's" and rely n my mod_write to convert them to URL's with Query Strings and then the other 50% of my pages are just "index.php", "contact_us.php", "upcoming_events.php"

    Sorry for being so confused, but this is harder to conceptualize and implement than you'd think for a newbie?!


    Debbie

  • #6
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    So you're wanting these to become magically populated?
    HTTP_REFERER isn't any more insecure than anything else provided by a user; it's just irrelevant. There is no guarantee of this being provided to you in any way shape or form, and is why we typically use sessions to determine where a client last accessed.
    The useful options I see are to create a global file used for all session handling which you can use to determine which pages to establish a return to path on; use a database to completely control sessions and determine if the last page is returnable; convert to an OO system that uses interceptors to establish last relevant location and send back when necessary.
    'Pretty urls' are irrelevant. If a SID is not passed via a cookie, then you'll need to figure out a way to pass it through your urls, but aside from that none of the referring information is required to come from a querystring. What PHP will require is a querystring.

  • #7
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,108
    Thanks
    27
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Fou-Lu View Post
    So you're wanting these to become magically populated?
    HTTP_REFERER isn't any more insecure than anything else provided by a user; it's just irrelevant. There is no guarantee of this being provided to you in any way shape or form, and is why we typically use sessions to determine where a client last accessed.
    The useful options I see are to create a global file used for all session handling which you can use to determine which pages to establish a return to path on; use a database to completely control sessions and determine if the last page is returnable; convert to an OO system that uses interceptors to establish last relevant location and send back when necessary.
    'Pretty urls' are irrelevant. If a SID is not passed via a cookie, then you'll need to figure out a way to pass it through your urls, but aside from that none of the referring information is required to come from a querystring. What PHP will require is a querystring.
    Not expecting anything "magically", but unsure of how to pass or capture the "returnToPath".

    Maybe I should just add this to the top of every file in my website that has the Log-In Header...

    Code:
    $_SESSION['returnToPage'] = $_SERVER['SCRIPT_NAME'];
    ...and then if they click on the Log-In link I will have captured where they were at.

    I dunno, that just doesn't seem very sophisticated and requires I remember to add the code to the right pages.

    Seems like there would be a better approach?!



    Debbie

  • #8
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    That won't work either. If a user moves from a page to another page that does not capture their location, and then logs in it will end up at the previous article instead of at the index. A simple global script will do this:
    PHP Code:
    <?php
    session_start
    ();
    $aReturnable = array('article.php''anotherscript.php'); // Or draw these from a datastore.
    // Or you can create an array of not returnable and invert the in_array check.

    $sPath basename($_SERVER['SCRIPT_NAME']);
    if (
    in_array($sPath$aReturnable))
    {
        
    $_SESSION['returnToPath'] = $_SERVER['SCRIPT_NAME'] . (isset($_SERVER['QUERY_STRING']) ? '?' $_SERVER['QUERY_STRING'] : '');
    }
    else if (isset(
    $_SESSION['returnToPath']))
    {
        unset(
    $_SESSION['returnToPath']);
    }
    You can do a lot more to verify that url as valid to a previous page, but I'm not going to bother on this.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •