Alright, thank you! Just to make sure I got this right, according to your example:
require_once('header_styles.php');
Will basically be my opening <html lang="en"> to my first <body> tag. (Only HTML)
require_once('index_login_messsage.php');
Will be where I check for login errors like if the password matches the one stored in database & if email is verified or will I simply put the else/if statements that check for login error(s) within the if ($results) statement?! (Both HTML & PHP)
require_once('index_login_bad_account_message.php');
Will be a simple error that tells the user, no account exists with the posted alias. (Only HTML)
require_once('index_logged_in_view.php');
Will be where the signed in module is that shows user avatar, preferences, and sign out page. (Only HTML)
require_once('views/index_view.php');
Will be where the login form when user is not signed in. (Only HTML)
require_once('account_info.php');
Where the signed in module from index_logged_in_view.php will get the account information from. This will be where I will fetch all the information from the user in the database (id, alias, firstname, lastname, etc.). (Only PHP)
No. Since you see to like to tell the user something first before redirecting. index_login_message is just for that reason. Otherwise, I would of suggested to use sessions and redirect back and then display the error accordingly.
Correct.
Correct.
Correct.
Correct.
I would do it this way so that all my PHP intensive activities are in one file and all of my HTML stuff is in another file. It doesn’t hurt to use some PHP in the HTML stuff, but those typically should be for conditions to display something.
Where would you recommend that I put the else / if statements that checks for password(s) matching, email being verified, etc?! Sorry just a bit stuck here because I want to stay within the rule and try to keep least amount of php inside the same file as HTML.
Do that in the controllers. And set a session cookie. Then all the things you need to do. And then do a redirect back to the index page. Next, check if the session cookie exists. If it does, then output a message saying something like “Your account has been activated” or something like that. If the session cookie doesn’t exist, set another session cookie and redirect them back to the index page. This time, tell them something went wrong processing their information.
Yup. Looking decent. Since you really like functions, it’s appropriate to use them when you want to return data. This is usually the ideal way to do it in the actualMVC as well. What you would normally do is something like so.
$userAccount = $this->model-->userAccount($_POST['email']);
if($userAccount == false) {
.... Redirect the user back to the login page.
} else {
.... Set the user session cookie
}
And the contents of $userAccount is returned from the Models file. Something you can do with your function calls.
You have to stop doing this. I’ve told you numerous times this will give you a headers already sent error if you have a properly configured PHP environment. Instead, place them before your require or before you echo anything.
These don’t make sense if you’re going to display them the message like how you are doing it. These are supposed to be for if you are redirecting them without page refresh or wait time. This is to tell the user what kind of error message they should be seeing.
Again, you really need to stop doing this. You need to understand that header() calls needs to be before you print, echo, die, exit, print_r, require_once, require, include_once, or include. Anything that outputs to the screen has to be after you use header() or yourredirect() function.
Sorry I honestly thought that I had it setup on my WAMPserver. I am not sure what I am doing wrong when it comes to calling my errors. I have it setup correctly in my configuration file(s) php.ini.
I fixed that line of code so now nothing is being printed, echo, etc. until after the header(s) are called:
I’m sorry I thought I had to create session cookies according to what error will be showed. I didn’t think you just set a session cookie without it equaling something. When I just use something like
$_SESSION['alias'];
without it being equal to anything it gives me an undefined index error.
I also fixed all my statements so now anything that outputs to the screen is after my header or redirect function. #includes\index_login_bad_account_message.php:
<?php
<?php
require_once 'includes/header_styles.php';
if (isset($_SESSION['activated'])) {
redirect('index.php');
session_unset($_SESSION['activated']);
print '<p class="input_info">account not activated</p>';
}
if (isset($_SESSION['password'])) {
redirect('index.php');
session_unset($_SESSION['password']);
print '<p class="input_error">password invalid.</p>';
}
if (isset($_SESSION['alias'])) {
redirect('index.php');
print '<p class="input_success">login successful.</p>';
}
?>
The point of having the cookie is to indicate to PHP which error message should be shown. If you redirect without wait time to a page, you should give the user an idea why their submission failed. This is where you can use the session cookie and tell them exactly what is to be expected in the input fields.[quote=“cscodismith, post:49, topic:295549”]
I also fixed all my statements so now anything that outputs to the screen is after my header or redirect function.
[/quote]
Looking decent now.
Since we’re on the same page now for your setup. I’ll address what was wrong with your old code. The reason why the “yes” and “no” buttons didn’t work was because the form that submits the answer goes back to the same page it was on. Since you had other stuff before it, this would fail because specific fields were required in your old code to use certain things. This was poorly designed. I highly suggest that you use specific action attributes to the form instead of leaving out the action attributes because this will fail if you have more than 1 thing that requires the same page and gets triggered in different ways. You should be targgeting different files based on the action. For example, if you want to log someone in, it would be appropriate to use login.php as the action. If you want to submit a user preference, it would be appropriate for to use something like account.php. The bad design comes from adding so much things that rely on just 1 file. This will not work because not everything will be called and it’ll also fail because since not everything will be called, certain things aren’t submitted. This will then redirect the page back to itself once more because the specific field was not submitted. This is why you could not get it to work.
Isn’t that what I am doing now with the session cookies?! Sorry if I am misunderstanding something.
Within the login.php file I assume that is where I would check the login to make sure the credentials are correct like I am doing in the index.php file?
You are a little bit, but the point of using those sessions is only if you do a redirect that has no wait time. The redirect you have has a wait time. So this wouldn’t make sense to use because the whole point of setting sessions is to make a state where you can use to tell the user that something went wrong because they failed your validation. Since you have a wait time on your redirect, all you really need is separate files telling the user that they are missing something. It would not make sense to set a session for this part and display message at the same time in the same place. It makes using sessions really redundant at this point.
How many times do I have to tell you to not do this until you understand that this is the wrong way to do it? I have told you 5 times already. The next time, I won’t tell you again nor will I continue this discussion. I have also stated why in post #48 if you fail to remember.
So instead of just setting sessions I would have a seperate file for each error? Something like this I would imagine? #includes/find_conflict.php
<?php
require_once '../index.php';
// check for any conflicts!
if ($results['activated'] != '1') {
redirect('../index.php');
require_once('index_login_not_activated.php');
} elseif (password_verify($_POST['password'], $results['password'])) {
redirect('../index.php');
require_once('index_login_invalid_password.php');
} else {
redirect('../index.php');
require_once('index_login_successful.php');
}
?>
My apologies when I was working on changing that the first time it was on a different file and forgot about doing it on the other when we fixed the first page, sorry about that.
Yup. Just like this. Though I wouldn’t be doing it with the password because you are checking to see if the password worked. And if it did, then you’re telling the user that the password is invalid. That doesn’t make sense at all.
