Web Analytics Made Easy -
StatCounter Need help with Log-In page and routing - CodingForum

Announcement

Collapse
No announcement yet.

Need help with Log-In page and routing

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Need help with Log-In page and routing

    So I have finally figured out how to Register and Log-In users!

    One mini-victory!

    Now a user reading "Postage Meters can save you money" can either Log-In or Register and then land back where they were at and add a comment to the article page.

    All fine and dandy, however, now I want to expand where people can Log-In and Register, and more importantly I need a strategy to handle routing people after they Register/Log-in?!


    Currently, I capture which Article a user is reading and stored "ReturnToPath" in the SESSION from the "article.php" page which is a dynamic page that serves up different articles.

    That works fine, but not for other situations.

    I have since added Log-In and Register links to my Page Header.

    If a user is on "index.php" and Logs-In, I suppose they should be brought back to "index.php"?!

    In most cases I would assume this is the behavior you'd want, right?)

    But if a user were Checking Out and on Step #1, after they log in, they would probably want to proceed to Step #2.

    For now, I guess I need a way to keep what I have (i.e. When a user is on some article, wants to Log-In to comment, then take them back to that Article) but for any other pages, if a user is on Page-A and wants to Log-In, then take them back to Page-A.

    Not sure if this is making any sense?!

    (*Hint: Right now, I only capture "ReturnToPath" in "article.php" so that is a problem...)

    Thanks,


    Debbie

  • #2
    Capture returntopath in any page you want to be returnable. Otherwise, have them unset.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 
    Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)

    Comment


    • #3
      Originally posted by Fou-Lu View Post
      Capture returntopath in any page you want to be returnable. Otherwise, have them unset.
      Not sure I follow.

      It seems to me what I need to do is capture the page a user is on, store it somewhere (e.g. Database, Cookie, Session) and then pass that to "log_in2.php" and then have that script return the user back to said page.

      From everything I've researched, using HTTP_REFERER is a *bad* idea...

      If you are on "some_page.php" and click on the "Log-In" hyperlink in my page header, how can I take a snap-shot of where you are at as you click on the link??


      Debbie

      Comment


      • #4
        How did you do it on the articles page? Its the same thing.
        PHP Code:
        header('HTTP/1.1 420 Enhance Your Calm'); 
        Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)

        Comment


        • #5
          Originally posted by Fou-Lu View Post
          How did you do it on the articles page? Its the same thing.
          Well one problem is that to do things the way I did it with...

          Article ---> Log-In ---> Article

          is that I'd have to put...

          Code:
          $_SESSION['returnToPage'] = $_SERVER['SCRIPT_NAME'];
          ..on every page on my website.

          The more logically approach is "Don't call us, we'll call you."

          Either...

          1.) When a user clicks on the "Log-In" link on any given page, I then capture wherever they are at and send it to the "log_in.php" script, or

          2.) When a user lands on "log_in.php", that page somehow looks to see where the user came from, athough everything I have read says that HTTP_REFERE is insecure and a poor choice.

          ----

          I want my Log-In to work like Amazon.com where you click on a link and are taken to a dedicated Log-In page. (I may change that design later, but for now I want Logging-In to be a focused activity.)

          I am also confused how all of this will work if 50% of my pages have "pretty URL's" and rely n my mod_write to convert them to URL's with Query Strings and then the other 50% of my pages are just "index.php", "contact_us.php", "upcoming_events.php"

          Sorry for being so confused, but this is harder to conceptualize and implement than you'd think for a newbie?!


          Debbie

          Comment


          • #6
            So you're wanting these to become magically populated?
            HTTP_REFERER isn't any more insecure than anything else provided by a user; it's just irrelevant. There is no guarantee of this being provided to you in any way shape or form, and is why we typically use sessions to determine where a client last accessed.
            The useful options I see are to create a global file used for all session handling which you can use to determine which pages to establish a return to path on; use a database to completely control sessions and determine if the last page is returnable; convert to an OO system that uses interceptors to establish last relevant location and send back when necessary.
            'Pretty urls' are irrelevant. If a SID is not passed via a cookie, then you'll need to figure out a way to pass it through your urls, but aside from that none of the referring information is required to come from a querystring. What PHP will require is a querystring.
            PHP Code:
            header('HTTP/1.1 420 Enhance Your Calm'); 
            Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)

            Comment


            • #7
              Originally posted by Fou-Lu View Post
              So you're wanting these to become magically populated?
              HTTP_REFERER isn't any more insecure than anything else provided by a user; it's just irrelevant. There is no guarantee of this being provided to you in any way shape or form, and is why we typically use sessions to determine where a client last accessed.
              The useful options I see are to create a global file used for all session handling which you can use to determine which pages to establish a return to path on; use a database to completely control sessions and determine if the last page is returnable; convert to an OO system that uses interceptors to establish last relevant location and send back when necessary.
              'Pretty urls' are irrelevant. If a SID is not passed via a cookie, then you'll need to figure out a way to pass it through your urls, but aside from that none of the referring information is required to come from a querystring. What PHP will require is a querystring.
              Not expecting anything "magically", but unsure of how to pass or capture the "returnToPath".

              Maybe I should just add this to the top of every file in my website that has the Log-In Header...

              Code:
              $_SESSION['returnToPage'] = $_SERVER['SCRIPT_NAME'];
              ...and then if they click on the Log-In link I will have captured where they were at.

              I dunno, that just doesn't seem very sophisticated and requires I remember to add the code to the right pages.

              Seems like there would be a better approach?!



              Debbie

              Comment


              • #8
                That won't work either. If a user moves from a page to another page that does not capture their location, and then logs in it will end up at the previous article instead of at the index. A simple global script will do this:
                PHP Code:
                <?php
                session_start
                ();
                $aReturnable = array('article.php''anotherscript.php'); // Or draw these from a datastore.
                // Or you can create an array of not returnable and invert the in_array check.

                $sPath basename($_SERVER['SCRIPT_NAME']);
                if (
                in_array($sPath$aReturnable))
                {
                    
                $_SESSION['returnToPath'] = $_SERVER['SCRIPT_NAME'] . (isset($_SERVER['QUERY_STRING']) ? '?' $_SERVER['QUERY_STRING'] : '');
                }
                else if (isset(
                $_SESSION['returnToPath']))
                {
                    unset(
                $_SESSION['returnToPath']);
                }
                You can do a lot more to verify that url as valid to a previous page, but I'm not going to bother on this.
                PHP Code:
                header('HTTP/1.1 420 Enhance Your Calm'); 
                Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)

                Comment

                Working...
                X