Login/Authorization best practices in a PHP MVC environment
I am working with a homebuilt MVC-oriented framework, and need to implement a login page.
At the moment, the way it works is each controller that needs authorization calls its authorize()
method, which in pseudo-code looks like:
    protected function authorize() {
        if (logged in) {
            return true;
        }
        if (login form submitted) {
            authorize/validate username/password
            if (!valid) {
                render login form
                return false;
            } else {
                mark user logged in
                return true;
            }
        } else {
            render login form
            return false;
        }
    }
I would like to move this logic to its own LoginController, but that would require 'remembering' where the original request was to, and saving all POST and GET data, then doing a redirect to get to the LoginController.
What is the best way of logging a user in, in regards to good MVC design, and the KISS principle?
I'm not sure if you are using session data but I would save the URL PATH to the session. Redirect to the new LoginController. Once the login is satisfied redirect the browser to the saved URL PATH found in the session data. The session code should be a helper/library code not in the controller. Make sure you clear the URL PATH also once the login is satisfied.
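The save-path, redirect, restore and clear flow described in the answer above, as an added example that is not part of the original post or of the asker's framework. The class name `LoginRedirect`, the session key and the `/login` route are hypothetical; only the request path and query string are remembered (POST bodies are not replayed), and the saved value is accepted only when it is a same-site path so it cannot be used as an open redirect.

```php
<?php
// Added example: hypothetical helper, not code from the framework in the question.
final class LoginRedirect
{
    private const KEY = 'login_return_path'; // assumed session key name

    // Accept only a same-site path so the saved value cannot become an open redirect.
    public static function sanitize(string $path, string $default = '/'): string
    {
        if ($path === '' || $path[0] !== '/') {
            return $default;                       // relative path or URL with a scheme
        }
        if (substr($path, 0, 2) === '//') {
            return $default;                       // protocol-relative URL to another host
        }
        if (preg_match('/[\x00-\x1f\x7f\\\\]/', $path)) {
            return $default;                       // control characters or backslashes
        }
        return $path;
    }

    // Called when an unauthenticated request reaches a protected controller.
    public static function remember(array &$session, string $requestUri): void
    {
        $session[self::KEY] = self::sanitize($requestUri);
    }

    // Called by LoginController after a successful login: read once, then clear.
    public static function consume(array &$session, string $default = '/'): string
    {
        $path = (string) ($session[self::KEY] ?? $default);
        unset($session[self::KEY]);
        return self::sanitize($path, $default);
    }
}

// Constructed walk-through; a real application passes $_SESSION and $_SERVER['REQUEST_URI'].
$session = [];
LoginRedirect::remember($session, '/reports/view?id=7');   // protected controller, not logged in
// ... redirect to /login, verify credentials, call session_regenerate_id(true) ...
$target = LoginRedirect::consume($session);                // LoginController, login succeeded
echo "Location: $target\n";
var_dump(isset($session['login_return_path']));            // saved path is cleared after use
echo LoginRedirect::sanitize('//other.example/x'), "\n";   // rejected, falls back to default
```

Calling `session_regenerate_id(true)` at the moment the user is marked as logged in keeps a pre-login session identifier from carrying over into the authenticated session.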