I do authorization on the site. When a user enters data, it is sent to the server, processed, and a message is returned. But the problem is that after the user clicks the "Authorization" button, I have a double redirect (it seems that is what it is called), that is, the first redirect occurs after the user sends the data, and the second is done by a function I have written. Let me show you how this whole thing works for me:

Function in the model.php file

    function authorization () {
        // mysqli_connect() returns false on failure, so report it with mysqli_connect_error()
        $link = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME)
                or die(mysqli_connect_error());

        $responseArray = [];
        $access = true;
        // clear() is the author's own helper (not shown on the page)
        $login = clear($_POST['login']);
        $password = clear($_POST['password']);
        // Value later stored in the 'auth' cookie; built from time() and rand(), not from a CSPRNG
        $login_hash = md5(md5(time() + time() * rand(2,10)));

        if (empty($login))
            $responseArray['error']['login'] = 'Login cannot be allowed';

        if (empty($password))
            $responseArray['error']['password'] = 'The password cannot be empty';

        // Any validation error blocks the database lookup
        if (!empty($responseArray['error'])) $access = false;

        if ($access) {
            // $login is interpolated into the SQL text, so this relies on clear() escaping it
            $select_query = "SELECT id, user, password, login_hash, user_ip
                             FROM user_credentials
                             WHERE user = '$login'
                             AND activated = 1";

            $select_result = mysqli_query($link, $select_query)
                             or die(mysqli_error($link));

            if (mysqli_num_rows($select_result) > 0) {
                $select_arr = mysqli_fetch_assoc($select_result);
                $password_correct = $select_arr['password'];

                if (!password_verify($password, $password_correct)) {
                    $responseArray['error']['denied'] = 'Hibny login abo password';
                    $_SESSION['auth']['login'] = $login;

                } else {

                    $query_insert = "UPDATE user_credentials
                                     SET login_hash = '$login_hash'
                                     WHERE user_credentials.user = '$login'";

                    mysqli_query($link, $query_insert) or die(mysqli_error($link));

                    setcookie('auth', $login_hash, time() + 3600 * 2, '/admin/');
                    setcookie('login', md5($login), time() + 3600 * 2, '/admin/');

                    $responseArray['success']['auth'] = 'You are in the system';
                }

            } else {
                $responseArray['error']['denied'] = 'There is no such answer';
                $_SESSION['auth']['login'] = $login;
            }
        }
        return $responseArray;
    }

After that, the data is sent to the server, and $responseArray should return with the desired message.

But in the file controller.php, where I call the function at the right moment, I wrote the following:

    if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['authorization'])) {
        $responseArray = authorization();
        redirect();
    }

redirect(); - I have a separate function that reloads the page. This is what I do to prevent the form from being sent again in case the user reloads the page. Here is the function itself:

    function redirect () {
        // HTTP_REFERER is supplied by the client; VIEW is the fallback when it is absent
        $redirect = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : VIEW;
        header("Location: $redirect");
        exit;
    }

I get messages in the file authorization.php

What do I need? After the user presses the authorization button, to display messages from the responseArray array after this redirect();. Without it, everything works fine and is displayed. But as soon as I redirect, the array disappears. Advise me how to solve this issue. Thanks.

  • add an array to a thread in a session - splash58

3 answers

I once displayed messages through the session, something like this:

    $_SESSION['message']['error'] = 'Invalid username or password';

But I was told that outputting this through the session is a bad idea, and they called it crap code). And now I'm trying to do it differently, but I don't really understand how.

  • I do not remember exactly whether it was in CodeIgniter or in Yii (1), but a similar function was implemented specifically for this, just through the sessions. Personally, I think this is the norm. But you need to be sure that the session has already started through session_start() . - A1essandro
  • in codeigniter Flashdata - splash58
  • I will add that when implementing such a function, after receiving the information, it will be necessary to clear the field (as in the same CI) in order not to issue messages all the time. I.e., set the data before the redirect with ...setFlashData('messageForUser', $message) , and when displaying this message via ...getFlashData('messageForUser') the field / key 'messageForUser' should be cleared automatically - A1essandro
  • Why write errors in the session? When it is necessary for the server to immediately respond to the request, and not understand where it was recording, and only then output it. Bad example. - And
  • You can do it through a session, sometimes you even need to not pass any parameters and do not invent anything else ... you just need to correctly write a couple of set and get methods ... @A1essandro described above exactly how - Vlad Chyorny

If a 301 redirect is returned for a GET, the data will arrive in the final script: the client (browser) will follow the redirect, maybe several, and if the last one returns 2xx, this data will be used.

With a POST request, the situation is different: if 301 is returned, the client goes to the new address, but already with GET. For the client to send the POST again, return a 307 redirect.

Pass the array through the session between the scripts. Although, it is better to avoid forced page redirects: this is very annoying to the user.

To prevent data from being sent again, you can do the following:

1. Generate a random number and store it in the session.
2. Add a hidden field to the form with this random number.
3. In the handler, check if the number from the session matches the one that was passed from the form. If yes, then the page did not reload and you can work. If not, the user has updated the page and we do not need to re-accept the data.
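
The session-based flash messages (set before the redirect, cleared on read) and the one-time form number from the three steps above, as an added PHP example that is not taken from any of the posts. The helper names (`set_flash`, `take_flash`, `issue_form_token`, `consume_form_token`) and the session keys are assumptions, and the closing lines are a constructed walk-through rather than real HTTP requests.

```php
<?php
declare(strict_types=1);

// Added example: helper names and session keys are hypothetical.
// The session must be started before any output is sent.
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// Keep messages in the session so they survive the redirect after the POST.
function set_flash(string $key, array $messages): void {
    $_SESSION['flash'][$key] = $messages;
}

// Read once: the key is removed so the messages are not shown again.
function take_flash(string $key): array {
    $messages = $_SESSION['flash'][$key] ?? [];
    unset($_SESSION['flash'][$key]);
    return $messages;
}

// Steps 1-2: random value stored in the session and put in a hidden field.
function issue_form_token(): string {
    $token = bin2hex(random_bytes(32));
    $_SESSION['form_token'] = $token;
    return $token;
}

// Step 3: the stored value is consumed on first use, so a reload that
// resubmits the same form no longer matches anything in the session.
function consume_form_token(?string $submitted): bool {
    $expected = $_SESSION['form_token'] ?? null;
    unset($_SESSION['form_token']);
    return is_string($expected) && is_string($submitted)
        && hash_equals($expected, $submitted);
}

// Constructed walk-through of the request sequence.
$token = issue_form_token();              // GET: form rendered with hidden field
$first = consume_form_token($token);      // POST: first submission
if ($first) {
    set_flash('auth', ['error' => ['denied' => 'Invalid username or password']]);
}
$replay = consume_form_token($token);     // POST repeated by a page reload
$shown  = take_flash('auth');             // GET after the redirect
$again  = take_flash('auth');             // any later page view
var_dump($first, $replay, $shown, $again);
```

In the controller from the question, `set_flash()` would be called with `$responseArray` just before `redirect()`, and `take_flash()` in authorization.php where the messages are displayed.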