0

I have seen several instances of this question but did not get a clear answer. Here is my scenario

  1. I have a form on login.php - this should submit to loginController.php
  2. Once loginController.php validates against the database, it should either redirect to home.php or pass back to login.php with appropriate success / error messages
  3. I know I can pass information back-forth between pages using SESSION but I would rather avoid using SESSION for just messages and objects that are page specific.

In JAVA we can embed objects into request object and then forward the control to the next page. Is there something equivalent in PHP?

The way I am doing it at present is as below -

  1. loginController.php has the main page and it includes login.php
  2. login.php resubmits the data back to loginController.php (sorta recursive submit)
  3. Then there is if-then-else logic to determine whether next redirect needs to go to home.php or just include login.php once again with error messages

ChicagoSky
  • The name "loginController" suggests that you are using a sort of MVC paradigm, is it correct? – Giorgio Aug 30 '14 at 17:39
  • Yes - but I am not using any frameworks. I am using a rudimentary form of MVC - one page for login (the view), one file for controller and another set of classes that represent the model. – ChicagoSky Aug 30 '14 at 18:04
  • Nice. So, I think that when you receive the request of login.html page, your MVC structure will invoke login Controller, that will call login model which will check if username-password are correct and return a result. Depending on this result, login controller will show login view or home view. Is it all correct? – Giorgio Aug 30 '14 at 18:17
  • yes - the loginController will 'include' the login page if the login is incorrect or user is accessing for the first time. The loginController will 'forward' to home page if login is successful – ChicagoSky Aug 30 '14 at 20:07

2 Answers

1

From our discussion, I think the following snippet may do what you want. You can use $_SESSION variable to store user data and $_POST variable to discriminate if user has submitted username and password data:

Login Controller

/* The session must be started before $_SESSION is read or written */
session_start();

/* Already logged in */
if(isset($_SESSION['username']))
{
    header('Location: home.html');
    exit; // stop here, otherwise the rest of the script keeps running after the redirect header
}

/* Not logged in */
else 
{
    /* Login submitted */
    if(isset($_POST['submit']))
    {
        $user = new User(); // this is an instance of model class
        // Read the raw values: FILTER_SANITIZE_STRING is deprecated since PHP 8.1 and would alter
        // passwords containing < or quotes. Escape with htmlspecialchars() when printing instead.
        $username = filter_input(INPUT_POST, 'username', FILTER_UNSAFE_RAW);
        $password = filter_input(INPUT_POST, 'password', FILTER_UNSAFE_RAW);

        $login_result = $user->login($username, $password);

        /* Login success */
        if($login_result == true)
        {
            $_SESSION['username'] = $username;
            header('Location: home.html');
            exit; // nothing below should run once the redirect is sent
        }

        /* Login error */
        else
        {
            $view_data = "Login incorrect"; // here you can set some data to be shown on login view
            showView('login.html'); // pseudo code, change with your code to show login view
        }
    }

    /* Show login form */
    else
    {
        showView('login.html'); // pseudo code, change with your code to show login view
    }
}

Login view

<?php if(!empty($view_data)) echo $view_data; /* Here you show login result (i.e. errors) */ ?>

<form method="post" action="login.html">
    <input type="text" id="username" name="username" placeholder="Username" />
    <input type="password" id="password" name="password" placeholder="Password" />
    <input type="submit" name="submit" value="Login" />
</form>

Of course, you must implement the $user->login method on the user model (I strongly suggest you use PDO statements to query the database). This method simply checks user data and returns true on login success and false on failure.

On logout, simply unset($_SESSION['username']) and you're done.

I also suggest you have a look at something like this session security question, to protect your session against hijacks. Hope it helps.

Giorgio
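
The answer above leaves `$user->login` to the reader and recommends PDO. The following is an added example, not code from the answer: a sketch of that method using a prepared statement and `password_verify()`. The constructor taking a `PDO` handle, the `users` table, its column names and the sample account are assumptions.

```php
<?php
declare(strict_types=1);

// Added example (PHP 8+). Class, table and column names are assumptions.
final class User
{
    private string $dummyHash;

    public function __construct(private PDO $db)
    {
        // Hash checked when the username is unknown, so that path also
        // performs one password_verify() call.
        $this->dummyHash = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    }

    public function login(string $username, string $password): bool
    {
        // The username is sent as a bound parameter, never spliced into the SQL text.
        $stmt = $this->db->prepare(
            'SELECT password_hash FROM users WHERE username = :username'
        );
        $stmt->execute([':username' => $username]);
        $stored = $stmt->fetchColumn();   // false when no row matches

        $known = is_string($stored);
        $valid = password_verify($password, $known ? $stored : $this->dummyHash);

        return $known && $valid;
    }
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Valid login, wrong password, and an unknown username containing a quote character.
$user = new User($db);
foreach ([['alice', 'correct horse'], ['alice', 'wrong'], ["o'brien", 'x']] as [$name, $pass]) {
    printf("%-8s => %s\n", $name, $user->login($name, $pass) ? 'login ok' : 'login failed');
}
```

In the controller, calling `session_regenerate_id(true)` right before `$_SESSION['username']` is set gives the authenticated session a fresh ID, which addresses the session fixation side of the hijacking concern the answer mentions.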
0

You can use query strings.

When you redirect to login.php as a result of an error, your full url will be something like:

login.php?status=error&message=invalid_credentials

In your login.php, you can access the extra information as follows:

$_GET['status'];//will contain the status
$_GET['message'];//will contain the message

Cheers!

Ayo Makanjuola
  • Thank you Makville. Is this the best afforded by PHP? Is there no way to modify the request object like in JAVA? – ChicagoSky Aug 30 '14 at 18:05
  • And how does java exactly modify the request object? You can either propagate data via the communication protocol (HTTP) where the data is visible and you can't attach language constructs to it, or you can save the "object" somewhere on your server and identify it with an identifier and send that via HTTP protocol to another page. And guess what - sessions do that. I'm not a java person, but I sincerely doubt it alters the actual HTTP request to propagate data back and forth. – N.B. Aug 30 '14 at 19:07
  • In JAVA you can invoke `request.setAttribute()` and `request.getAttribute()` to forward objects between pages and controller objects. It's a cleaner way than using the query string and less costly than using a session context - was hoping PHP will have something similar. The request can be of POST type - which means these will not appear in query string - http://docs.oracle.com/javaee/6/api/javax/servlet/ServletRequest.html#getAttribute%28java.lang.String%29 – ChicagoSky Aug 30 '14 at 20:12
  • In PHP, HTTP request is represented via $_POST / $_GET / $_REQUEST / $_COOKIE superglobal variables and it's not the best mechanism, but that's how it's done. What you *can* do is create a class that wraps those into a usable object similar to java's `request`. However, you don't get that functionality out of the box (you can use something like Symfony's HttpFoundation/Request that does that for you) - you have to develop it yourself. On the lowest level, sessions and java's `request` work the same way - by storing certain data to a server. – N.B. Aug 30 '14 at 20:46
  • Thanks - please post as reply and I will accept the same – ChicagoSky Aug 31 '14 at 02:21
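
For the query-string approach in the second answer (`login.php?status=error&message=invalid_credentials`), the values in `$_GET` are chosen by whoever builds the link, so login.php should treat them as lookup keys rather than as text to print. The following is an added example, not code from the thread; the message codes, their wording and the function names are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. Codes and wording are assumptions; only these can ever be displayed.
const LOGIN_STATUSES = ['error', 'info'];
const LOGIN_MESSAGES = [
    'invalid_credentials' => 'Incorrect username or password.',
    'session_expired'     => 'Your session has expired. Please log in again.',
    'logged_out'          => 'You have been logged out.',
];

// Turn query parameters into a notice, or null when they are missing or unknown.
function loginNotice(array $query): ?array
{
    $status = $query['status'] ?? null;
    $code   = $query['message'] ?? null;

    // ?message[]=x arrives as an array, so accept strings only.
    if (!is_string($status) || !is_string($code)) {
        return null;
    }
    if (!in_array($status, LOGIN_STATUSES, true) || !array_key_exists($code, LOGIN_MESSAGES)) {
        return null;
    }
    return ['status' => $status, 'text' => LOGIN_MESSAGES[$code]];
}

// Escape on output even though both values come from the allow-lists above.
function renderNotice(?array $notice): string
{
    if ($notice === null) {
        return '';
    }
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p class="notice ' . $e($notice['status']) . '">' . $e($notice['text']) . '</p>';
}

// Constructed sample requests: a valid code, free text in place of a code, an array value.
$samples = [
    ['status' => 'error', 'message' => 'invalid_credentials'],
    ['status' => 'error', 'message' => '<b>unexpected text</b>'],
    ['status' => 'error', 'message' => ['invalid_credentials']],
];
foreach ($samples as $query) {
    echo renderNotice(loginNotice($query)), "\n";
}
```

In login.php the call becomes `echo renderNotice(loginNotice($_GET));`, and the raw `$_GET['message']` value is never written into the page.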