donglu4633 2010-06-27 15:32

Best practices for login/authorization in a PHP MVC environment

I am working with a homebuilt MVC-oriented framework, and need to implement a login page.

At the moment, the way it works is each controller that needs authorization calls its authorize() method, which in pseudo-code looks like:

protected function authorize() {
    if (logged in) {
        return true;
    }
    if (login form submitted) {
        authorize/validate username/password
        if (!valid) {
            render login form
            return false;
        } else {
            mark user logged in
            return true;
        }
    } else {
        render login form
        return false;
    }
}

I would like to move this logic to its own LoginController, but that would require 'remembering' where the original request was to, and saving all POST and GET data, then doing a redirect to get to the LoginController.

What is the best way of logging a user in, in regards to good MVC design, and the KISS principle?

1 answer

  • doupang4126 2010-09-12 01:03

    I'm not sure if you are using session data, but I would save the URL PATH to the session. Redirect to the new LoginController. Once the login is satisfied, redirect the browser to the saved URL PATH found in the session data. The session code should be helper/library code, not in the controller. Make sure you also clear the URL PATH once the login is satisfied.

    This answer was selected by the asker as the best answer.
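The flow described in the answer above, as an added example that is not part of the original post: a session helper that remembers the requested path, hands it back once after login, and clears it. The class name `ReturnPath`, the session key and the sample paths are assumptions; the helper keeps only same-site paths so the post-login redirect cannot be pointed at another host, and it restores the path and query string only, not POST data.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helper, kept out of the controllers as the answer suggests.
final class ReturnPath
{
    private const KEY = 'login_return_path'; // hypothetical session key
    private array $session;

    // Pass $_SESSION here in the real application; it is bound by reference.
    public function __construct(array &$session)
    {
        $this->session = &$session;
    }

    // Accept only a path on this site: exactly one leading slash, no control characters.
    public static function isLocalPath(string $path): bool
    {
        if ($path === '' || $path[0] !== '/' || strlen($path) > 2048) {
            return false;
        }
        // "//host" and "/\host" are resolved by browsers as a different origin.
        if (isset($path[1]) && ($path[1] === '/' || $path[1] === '\\')) {
            return false;
        }
        // CR/LF and other control bytes must never reach a Location header.
        return preg_match('/[\x00-\x1F\x7F]/', $path) !== 1;
    }

    // Called from authorize() just before redirecting to the LoginController.
    public function remember(string $requestUri): void
    {
        if (self::isLocalPath($requestUri)) {
            $this->session[self::KEY] = $requestUri;
        }
    }

    // Called by the LoginController after a successful login: returns the path and clears it.
    public function consume(string $default = '/'): string
    {
        $path = $this->session[self::KEY] ?? $default;
        unset($this->session[self::KEY]);
        return is_string($path) && self::isLocalPath($path) ? $path : $default;
    }
}

// Constructed demo: a plain array stands in for $_SESSION so this runs from the CLI.
$session = [];
$returnPath = new ReturnPath($session);
$returnPath->remember('/reports/view?id=7');    // constructed request path
echo $returnPath->consume(), PHP_EOL;            // saved path, then the key is cleared
$returnPath->remember('//other.example/page');  // not a local path, so nothing is stored
echo $returnPath->consume(), PHP_EOL;            // falls back to the default
```

In a web request the LoginController would call `session_regenerate_id(true)` when it marks the user logged in, then send `header('Location: ' . $returnPath->consume())` and exit.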
