Not sure why header() needs to be the first line in the script. the
header function can be used anywhere. But your code example (maybe more
of a pseudo code?) doesn't appear to use a class at all.
1. On every page the user needs to be authenticated you should include
an authentication block. If they authenticate, then let them proceed. If
not, then redirect them to the login page to do so. If you're wanting to
do this using a class object, you can either instantiate the object, or
use a static method :
an object oriented approach:
$user = new User(); //assumes you've implemented the User class
$is_logged_in = $user->authenticate();
if (!$is_logged_in) {
header('location: login.php');
exit;
}
more of a static library approach:
if (!User::is_logged_in()) {
header('location: login.php');
exit;
}
Obviously these are very basic examples, and you could encapsulate
things any way you want. The decision should be made based on the
application architecture you're using overall. By having your "check" on
the page the user is trying to get to (rather than sending them
somewhere else first and redirecting, you minimize redirection, and can
use the same process everywhere you need in the application.
Hope this helps!
Randy Moller
Nathan Lane wrote:
I've been trying to reinvent the wheel again (hopefully not really), and
I've come up against a road block. I'm trying to write a multilayer user
authentication script - one that includes a class used as an authentication
object (maybe that's the wrong way to go). Anyway, I don't know a lot about
PHP, and so I found a typical example of how ASP can do it - first you do a
postback with the authentication credentials, then get a state back, and if
the state says the user is authenticated, then it redirects to the proper
page. The only thing I found about redirecting in PHP is using the
header(location) function, except that must be the first line in the script,
so that makes it difficult, because I can't include an external library or
anything, and I can't set a variable before I use it in that, like:
$page = "login.php"
header("Location: " . $page);
if(isAuthenticated())
{
$page = "index.php";
// Postback with new $page value
}
I also thought of conditionally writing a meta tag that redirects the user,
but that didn't seem to work either. Can anybody help me with this (I'm sure
SOMEbody can).
Thanks.
_______________________________________________
UPHPU mailing list
[email protected]
http://uphpu.org/mailman/listinfo/uphpu
IRC: #uphpu on irc.freenode.net
