SitePoint Sponsor

User Tag List

Results 1 to 9 of 9
  1. #1
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,764
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)

    Where do I go after "Create an Account"??

    I have a "Create an Account" PHP page.

    Assuming the form data is valid, where should control go when the User submits the Form??

    1.) Redirect to a New Page?

    2.) Load the Page Onto Itself?


    My 1st Approach
    Code:
    HTML to Open Page
    If Form Submitted, then...
    	PHP to handle Form
    	If Account Created, echo HTML with Success Message and Close Out Page with HTML
    	If Account Failed, echo HTML with Failure Message and Close Out Page with HTML
    else, drop through to HTML Form and Closing HTML
    (Having different sets of HTML to close out the web page depending on which fork you go down is insane?!)

    My 2nd Approach
    Code:
    If Form Submitted, then...
    	PHP to handle Form
    	If Account Created, code=111 and Redirect to "Outcome Page" which looked up 111 and displayed appropriate message
    	If Account Created, code=222 and Redirect to "Outcome Page" which looked up 222 and displayed appropriate message
    else, drop through to HTML Form and Closing HTML
    (This second approach is somewhat cleaner because my "Outcome Page" is one set of HTML with just different messages displayed, and it prevents issues with the User submitting the Form, then hitting the Back button and then the Forward button and creating issues.)

    I still feel like this 2nd approach is kinda "hokey" and could use help coming up with a better approach.

    (Before going on, let me say I am not ready to learn OOP or MVC, so please keep solutions to plain-vanilla, procedural coding.)


    I have heard that using Redirects is a good idea, but I'm just thinking that having this "Outcome Page" is kinda weird.

    I dunno?!

    The 2nd approach is working okay, but I'm sure it could be better...

    Thanks,


    Debbie

  2. #2
    Non-Member Max Height's Avatar
    Join Date
    Dec 2011
    Posts
    303
    Mentioned
    6 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by DoubleDee View Post

    Assuming the form data is valid, where should control go when the User submits the Form??
    It depends on whether you require the user to first activate the new account or not, say via clicking a link in an email sent to them after the new account has been created. You have more protection against bots creating accounts if you require a human to actually activate the account.

  3. #3
    SitePoint Wizard bronze trophy chris.upjohn's Avatar
    Join Date
    Apr 2010
    Location
    Melbourne, AU
    Posts
    2,191
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    More or less what Max Height said in a nutshell:

    With user activation
    Show a page after a successful user registration that explains an activation email has been sent to the email of their choice and it will arive within the next 24 hours of their activation, when they receive the activation email and it's confirmed with the database redirect them to their profile page.

    Without user activation
    Require the user to login straight after a successful registration using a form with a CAPTCHA code to ensure that most bots can't get through, some bots will get through however so you would need to look into using a service such as http://www.stopforumspam.com/

  4. #4
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,764
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by SgtLegend View Post
    More or less what Max Height said in a nutshell:

    With user activation
    Show a page after a successful user registration that explains an activation email has been sent to the email of their choice and it will arive within the next 24 hours of their activation, when they receive the activation email and it's confirmed with the database redirect them to their profile page.

    Without user activation
    Require the user to login straight after a successful registration using a form with a CAPTCHA code to ensure that most bots can't get through, some bots will get through however so you would need to look into using a service such as http://www.stopforumspam.com/
    You guys missed the *entire* point of my question...

    I was asking about from a TECHNICAL standpoint whether you re-direct to the same page after form submittal or you re-direct to another page.

    Also I am trying to get a handle on whether my original way is better, or if my re-direct way has merits, or if I should try something entirely different?!


    Debbie

  5. #5
    Non-Member Max Height's Avatar
    Join Date
    Dec 2011
    Posts
    303
    Mentioned
    6 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by DoubleDee View Post
    You guys missed the *entire* point of my question...
    Normally, if everyone that replies "misses" the point of the op's question then it is far more likely the op didn't ask the correct question and not the other way round

    But even with your "updated" question, my original reply relative to your "technical standpoint" still applies.

  6. #6
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,764
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Max Height View Post
    Normally, if everyone that replies "misses" the point of the op's question then it is far more likely the op didn't ask the correct question and not the other way round

    But even with your "updated" question, my original reply relative to your "technical standpoint" still applies.
    But it doesn't answer my question...


    Debbie

  7. #7
    Non-Member Max Height's Avatar
    Join Date
    Dec 2011
    Posts
    303
    Mentioned
    6 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by DoubleDee View Post
    But it doesn't answer my question...
    I have answered the question you actually asked and sgtLegend elaborated on it. If you haven't got the answer you need then what you meant to ask in your mind and what you actually asked in your post are 2 different things. Someone else can try and work out what you really want.

  8. #8
    SitePoint Addict eanimator's Avatar
    Join Date
    Sep 2005
    Posts
    396
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    To add further, it depends on the requirement itself.

    Say, if it is quick sign up - you may want to redirect user to step 2 to fill out the profile so that data makes sense. Sometimes only registration is not enough.

  9. #9
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)
    Hi Debbie,

    Hopefully this helps.

    Quote Originally Posted by DoubleDee View Post
    I have a "Create an Account" PHP page.

    Assuming the form data is valid, where should control go when the User submits the Form??

    1.) Redirect to a New Page?

    2.) Load the Page Onto Itself?
    I like to redirect to a new page. It will be hard form me to provide procedural code examples because most my code is OOP, but the theory is just the same. Redirect actually can help with re-posting. For example, in one of my login pages which tracks the number of time a user logins in, it gives them 5 chances, then it redirects them to time out logic (really it is set using ajax in the same login page, but it is a redirect just the same), then if they try to login during the time-out running then they get redirected to a random set of urls like google.com, bing.com, yahoo.com ...

    By controlling where I redirct the user I can use php headers to redirct back to the form therefore removing the reposting problems as it is a brand new page refresh. Even if a user tries to use the BACK button it won't matter because when the arrive on the account creation page it is a new page request.

    Redirecting to a non-form based page means that a hacker has a very difficult time as they can't simply try to build a bogus form that bypasses validation, session handling, authentication or permissions.

    Quote Originally Posted by DoubleDee View Post
    My 1st Approach
    Code:
    HTML to Open Page
    If Form Submitted, then...
        PHP to handle Form
        If Account Created, echo HTML with Success Message and Close Out Page with HTML
        If Account Failed, echo HTML with Failure Message and Close Out Page with HTML
    else, drop through to HTML Form and Closing HTML
    (Having different sets of HTML to close out the web page depending on which fork you go down is insane?!)

    My 2nd Approach
    Code:
    If Form Submitted, then...
        PHP to handle Form
        If Account Created, code=111 and Redirect to "Outcome Page" which looked up 111 and displayed appropriate message
        If Account Created, code=222 and Redirect to "Outcome Page" which looked up 222 and displayed appropriate message
    else, drop through to HTML Form and Closing HTML
    (This second approach is somewhat cleaner because my "Outcome Page" is one set of HTML with just different messages displayed, and it prevents issues with the User submitting the Form, then hitting the Back button and then the Forward button and creating issues.)
    Again the approach I would recommend you take is to have the HTML form to post to a php page that processes what happens - i.e. having success/failure messages, auto-authentication (session hashed user validation) for successful account creators, redirection back to account creation form for non successful account creators.

    Be careful that you don't give a user unlimited tries as it could be an auto attack; track number of unsuccessful attempts and lock the door if too many times or delay future attempt until x time has passed.

    Regards,
    Steve
    ictus==""


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •