Where do I go after "Create an Account"?

PHP
1

I have a “Create an Account” PHP page.

Assuming the form data is valid, where should control go when the User submits the Form??

1.) Redirect to a New Page?

2.) Load the Page Onto Itself?

My 1st Approach


HTML to Open Page
If Form Submitted, then...
	PHP to handle Form
	If Account Created, echo HTML with Success Message and Close Out Page with HTML
	If Account Failed, echo HTML with Failure Message and Close Out Page with HTML
else, drop through to HTML Form and Closing HTML

(Having different sets of HTML to close out the web page depending on which fork you go down is insane?!)

My 2nd Approach


If Form Submitted, then...
	PHP to handle Form
	If Account Created, code=111 and Redirect to "Outcome Page" which looked up 111 and displayed appropriate message
	If Account Created, code=222 and Redirect to "Outcome Page" which looked up 222 and displayed appropriate message
else, drop through to HTML Form and Closing HTML

(This second approach is somewhat cleaner because my “Outcome Page” is one set of HTML with just different messages displayed, and it prevents issues with the User submitting the Form, then hitting the Back button and then the Forward button and creating issues.)

I still feel like this 2nd approach is kinda “hokey” and could use help coming up with a better approach.

(Before going on, let me say I am not ready to learn OOP or MVC, so please keep solutions to plain-vanilla, procedural coding.)

I have heard that using Redirects is a good idea, but I’m just thinking that having this “Outcome Page” is kinda weird.

I dunno?! :-/

The 2nd approach is working okay, but I’m sure it could be better…

Thanks,

Debbie

2

It depends on whether you require the user to first activate the new account or not, say via clicking a link in an email sent to them after the new account has been created. You have more protection against bots creating accounts if you require a human to actually activate the account.

3

More or less what Max Height said in a nutshell:

With user activation
Show a page after a successful user registration that explains an activation email has been sent to the email of their choice and it will arive within the next 24 hours of their activation, when they receive the activation email and it’s confirmed with the database redirect them to their profile page.

Without user activation
Require the user to login straight after a successful registration using a form with a CAPTCHA code to ensure that most bots can’t get through, some bots will get through however so you would need to look into using a service such as http://www.stopforumspam.com/

4

You guys missed the entire point of my question…

I was asking about from a TECHNICAL standpoint whether you re-direct to the same page after form submittal or you re-direct to another page.

Also I am trying to get a handle on whether my original way is better, or if my re-direct way has merits, or if I should try something entirely different?!

Debbie

5

Normally, if everyone that replies “misses” the point of the op’s question then it is far more likely the op didn’t ask the correct question and not the other way round :slight_smile:

But even with your “updated” question, my original reply relative to your “technical standpoint” still applies.

6

But it doesn’t answer my question…

Debbie

7

I have answered the question you actually asked and sgtLegend elaborated on it. If you haven’t got the answer you need then what you meant to ask in your mind and what you actually asked in your post are 2 different things. Someone else can try and work out what you really want.

8

To add further, it depends on the requirement itself.

Say, if it is quick sign up - you may want to redirect user to step 2 to fill out the profile so that data makes sense. Sometimes only registration is not enough.

9

Hi Debbie,

Hopefully this helps.

I like to redirect to a new page. It will be hard form me to provide procedural code examples because most my code is OOP, but the theory is just the same. Redirect actually can help with re-posting. For example, in one of my login pages which tracks the number of time a user logins in, it gives them 5 chances, then it redirects them to time out logic (really it is set using ajax in the same login page, but it is a redirect just the same), then if they try to login during the time-out running then they get redirected to a random set of urls like google.com, bing.com, yahoo.com

By controlling where I redirct the user I can use php headers to redirct back to the form therefore removing the reposting problems as it is a brand new page refresh. Even if a user tries to use the BACK button it won’t matter because when the arrive on the account creation page it is a new page request.

Redirecting to a non-form based page means that a hacker has a very difficult time as they can’t simply try to build a bogus form that bypasses validation, session handling, authentication or permissions.

Again the approach I would recommend you take is to have the HTML form to post to a php page that processes what happens - i.e. having success/failure messages, auto-authentication (session hashed user validation) for successful account creators, redirection back to account creation form for non successful account creators.

Be careful that you don’t give a user unlimited tries as it could be an auto attack; track number of unsuccessful attempts and lock the door if too many times or delay future attempt until x time has passed.

Regards,
Steve