I am working with a homebuilt MVC-oriented framework, and need to implement a login page.
At the moment, the way it works is each controller that needs authorization calls its authorize()
method, which in pseudo-code looks like:

    protected function authorize() {
        if (logged in) {
            return true;
        }
        if (login form submitted) {
            authorize/validate username/password
            if (!valid) {
                render login form
                return false;
            } else {
                mark user logged in
                return true;
            }
        } else {
            render login form
            return false;
        }
    }

I would like to move this logic to its own LoginController, but that would require 'remembering' where the original request was to, and saving all POST and GET data, then doing a redirect to get to the LoginController.
What is the best way of logging a user in, with regard to good MVC design and the KISS principle?
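
One way to build the remember-and-redirect flow described in the question, as an added example that is not part of the original post or the asker's framework. It assumes PHP 8, an already started session, a `/login` route, and hypothetical names (`safeReturnPath`, `Controller`, `LoginController`, the `$verify` callable); it keeps only the path and query string of the original request and does not replay POST bodies.

```php
<?php
declare(strict_types=1);

// Accept only a local path such as "/orders/5?page=2"; anything else becomes "/".
// This keeps the post-login redirect from being pointed at another site.
function safeReturnPath(string $target): string
{
    // Reject non-paths, scheme-relative URLs ("//host"), backslashes, control chars.
    if ($target === '' || $target[0] !== '/' || preg_match('#^//|[\\\\\x00-\x1f]#', $target)) {
        return '/';
    }
    $parts = parse_url($target);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return '/';
    }
    return $target;
}

abstract class Controller
{
    // Called by any controller action that needs a logged-in user.
    protected function authorize(): bool
    {
        if (isset($_SESSION['user_id'])) {
            return true;
        }
        // Remember where the request was going, server-side, then hand off to /login.
        $_SESSION['return_to'] = safeReturnPath($_SERVER['REQUEST_URI'] ?? '/');
        header('Location: /login', true, 303);
        return false;
    }
}

final class LoginController
{
    // $verify is a hypothetical callable: (username, password) -> user id or null.
    public function __construct(private \Closure $verify) {}

    public function submit(): void
    {
        $userId = ($this->verify)($_POST['username'] ?? '', $_POST['password'] ?? '');
        if ($userId === null) {
            header('Location: /login?failed=1', true, 303);
            return;
        }
        session_regenerate_id(true); // fresh session id after login (session fixation defence)
        $target = safeReturnPath($_SESSION['return_to'] ?? '/'); // re-check before use
        unset($_SESSION['return_to']);
        $_SESSION['user_id'] = $userId;
        header('Location: ' . $target, true, 303);
    }
}
```

Storing the target in the session rather than in a `?next=` parameter means the value never comes from the login request itself, and the second `safeReturnPath` call covers the case where it is later moved into a parameter.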