Login/Authorization best practices in a PHP MVC environment

I am working with a homebuilt MVC-oriented framework, and need to implement a login page.

At the moment, the way it works is each controller that needs authorization calls its authorize() method, which in pseudo-code looks like:

protected function authorize() {
    if (logged in) {
        return true;
    }
    if (login form submitted) {
        authorize/validate username/password
        if (!valid) {
            render login form
            return false;
        } else {
            mark user logged in
            return true;
        }
    } else {
        render login form
        return false;
    }
}

I would like to move this logic to its own LoginController, but that would require 'remembering' where the original request was to, and saving all POST and GET data, then doing a redirect to get to the LoginController.

What is the best way of logging a user in, with regard to good MVC design and the KISS principle?

Answers


I'm not sure if you are using session data, but I would save the URL PATH to the session. Redirect to the new LoginController. Once the login is satisfied, redirect the browser to the saved URL PATH found in the session data. The session code should be helper/library code, not in the controller. Make sure you also clear the URL PATH once the login is satisfied.
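
One way to write the session helper this answer describes, as an added example that is not part of the original answer: it stores only a same-site path, clears it when it is read, and falls back to a default otherwise. The class name `ReturnPath`, the `return_path` session key and the `/login` route are assumptions.

```php
<?php
// Added example: helper for the "save path, log in, redirect back" flow.
// ReturnPath, the 'return_path' key and /login are assumed names.
final class ReturnPath
{
    private const KEY = 'return_path';

    // Local path only: one leading slash, no "//" or "/\" prefix, no backslashes or control characters.
    public static function isLocal(string $path): bool
    {
        return preg_match('#^/(?![/\\\\])[^\\\\\x00-\x1f]*\z#', $path) === 1;
    }

    // Called by a protected controller before it redirects to /login.
    public static function remember(array &$session, string $requestUri): void
    {
        if (self::isLocal($requestUri)) {
            $session[self::KEY] = $requestUri;
        }
    }

    // Called by the LoginController after a successful login: read once, then clear.
    public static function consume(array &$session, string $default = '/'): string
    {
        $path = $session[self::KEY] ?? $default;
        unset($session[self::KEY]);
        return (is_string($path) && self::isLocal($path)) ? $path : $default;
    }
}

// In a real request (assumed wiring):
//   ReturnPath::remember($_SESSION, $_SERVER['REQUEST_URI']); header('Location: /login'); exit;
//   ...after the credentials check succeeds in LoginController:
//   session_regenerate_id(true); header('Location: ' . ReturnPath::consume($_SESSION)); exit;

// Constructed demonstration, with a plain array standing in for $_SESSION.
$session = [];
ReturnPath::remember($session, '/reports/42?page=2');  // local path: stored
echo ReturnPath::consume($session), "\n";
ReturnPath::remember($session, '//other.example/x');   // not a local path: ignored
echo ReturnPath::consume($session), "\n";
```

Only the path and query string survive the round trip; POST data from the original request is not replayed.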

