
Login/Authorization best practices in a PHP MVC environment

Developer https://www.devze.com 2023-01-04 17:41 Source: web

I am working with a homebuilt MVC-oriented framework, and need to implement a login page.

At the moment, the way it works is each controller that needs authorization calls its authorize() method, which in pseudo-code looks like:

protected function authorize() {
    if (logged in) {
        return true;
    }
    if (login form submitted) {
        authorize/validate username/password
        if (!valid) {
            render login form
            return false;
        } else {
            mark user logged in
            return true;
        }
    } else {
        render login form
        return false;
    }
}

I would like to move this logic to its own LoginController, but that would require 'remembering' where the original request was to, and saving all POST and GET data, then doing a redirect to get to the LoginController.

What is the best way of logging a user in, in regards to good MVC design, and the KISS principle?


I'm not sure if you are using session data but I would save the URL PATH to the session. Redirect to the new LoginController. Once the login is satisfied redirect the browser to the saved URL PATH found in the session data. The session code should be a helper/library code not in the controller. Make sure you clear the URL PATH also once the login is satisfied.

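The session helper the answer describes, as an added example that is not part of the original post or the asker's framework: the class name `ReturnPath`, its methods and the session key are hypothetical. It assumes only same-site paths from GET requests are remembered, so the post-login redirect cannot be pointed at another host, and it clears the saved path on first use.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: remembers where to send the user after login.
final class ReturnPath
{
    private const KEY = 'login_return_path'; // hypothetical session key
    private array $session;

    /** @param array $session normally $_SESSION, bound by reference */
    public function __construct(array &$session)
    {
        $this->session = &$session;
    }

    public static function isLocalPath(string $path): bool
    {
        // Must be a site-relative path: starts with exactly one "/".
        if ($path === '' || $path[0] !== '/' || strlen($path) > 2048) {
            return false;
        }
        // "//host" and "/\host" are read by browsers as another origin.
        if (isset($path[1]) && ($path[1] === '/' || $path[1] === '\\')) {
            return false;
        }
        // No control characters, so CR/LF cannot reach the Location header.
        return preg_match('/[\x00-\x1F\x7F]/', $path) === 0;
    }

    public function remember(string $method, string $requestUri): void
    {
        // A redirect can only replay a GET; POST bodies are not stored.
        if ($method === 'GET' && self::isLocalPath($requestUri)) {
            $this->session[self::KEY] = $requestUri;
        }
    }

    public function consume(string $default = '/'): string
    {
        $path = $this->session[self::KEY] ?? $default;
        unset($this->session[self::KEY]); // clear once the login is satisfied
        return is_string($path) && self::isLocalPath($path) ? $path : $default;
    }
}

// Constructed demo: a plain array stands in for $_SESSION so this runs from the CLI.
$session = [];
$return = new ReturnPath($session);
$return->remember('GET', '//other-site.example/login'); // rejected, nothing stored
$return->remember('GET', '/reports/42?tab=audit');      // stored
echo $return->consume(), PHP_EOL; // first call returns the saved path
echo $return->consume(), PHP_EOL; // second call falls back to the default
```

In a real request the LoginController would call `session_regenerate_id(true)` after validating the credentials and before redirecting to `consume()`'s result, so the authenticated session does not reuse the pre-login session ID.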