php login question

[oha055]

Hi!

 

So I know that when redirecting to administrator pages after login is very often done like this: header(location:admin.php);

 

But what if I didnt want to use header? I'm asking because I would just like to include the admin section within the part of the website I'm currently residing, if that makes any sense. Also, I think using headers is a bit cumbersome.

 

I have just recently started learning PHP, so please excuse me if this is a dumb question

 

 

[AyKay47]

well, a header is the logical way to go about doing this. There are other methods, like a meta redirect and such, but why would you say that headers are "cumbersome"?

[Drongo_III]

If you didnt want to send the user to another page you could set the form's action to '#' which would keep them on the page. Then you could have some logic in your page to check if the form was submitted and if it was it could run whatever login function you have to verify the user. Then if they are logged in you could have some further logic to include admin elements on the current page.

 

Something along those lines.

 

Or you could use ajax to post to the login function and then refresh the page - but you would need to use header again for that

 

But as suggested i would stick with using headers because this is just unecessarily complicating things

[oha055]

Thank you for the quick reply. I'll just stick to headers then

[spiderwell]

no point reinventing the wheel

 

i used header for almost every login i ever made!

[AyKay47]

what I want to know is what exactly you meant by this:

 

 

I'm asking because I would just like to include the admin section within the part of the website I'm currently residing, if that makes any sense.

 

this explanation could dictate the proper answer.

[Adam]

Just to add, response headers are a part of the HTTP foundation. They're the least-cumbersome and most supported way of handling redirection, and should ideally be all you use for it. There's nothing stopping you redirecting back to the same page you're on, which incidentally has the added benefit of overwriting the previous request, preventing "POST-refreshes" (the browser dialogue that pops up when you go back, asking if you want to re-submit the POST data).

 

On the target page you can then simply check the type of user (admin or regular), and display the appropriate output.

[Andy-H]

If you mean what I think you mean (serving different content based on user-level? like

 

 

if ( $user->is_admin )
   // show admin CP

on normal user pages), then that's the wrong way to go IMO, it's processing code that doesn't necessarily need to be processed, I think the best option is direct administrators to a dedicated control panel, however, depending on the performance requirements/user-base of your application, this may not be relevant to you.

[Drummin]

There's nothing stopping you redirecting back to the same page you're on, which incidentally has the added benefit of overwriting the previous request, preventing "POST-refreshes" (the browser dialogue that pops up when you go back, asking if you want to re-submit the POST data).

 

On the target page you can then simply check the type of user (admin or regular), and display the appropriate output.

Agreed.  The site I'm currently working on is like this.