1

I am currently working on a zend framework site using an ACL.

The ACL works and uses a DB for storing privaliges. What I have done so far is, on in a preDispatch I capture where the user wanted to go to, and if they need to login to get there the page displays the login form. I have also captured if a user has submitted a form and stored the data (location and form data). No problems so far.

The user submits the login form, and I then check if I have a location to send them onto, again no problems here, this works.

However I want to be able to submit the original form data now they are autherised - the only problem is, if I redirect them to the page, the call to:

$this->getRequest()->isPost()

fails as it isn't a post request.

I can forward the user to the page on sucessful login, and in the preDispatch set $_POST to the data originally captured, this works as the original POST still stands, this works but I do not think is the correct way to do this - specially the URL - obviously the page displayed is correct, the form has been submitted correctly, but the URL is of the login process.

Obviously I could change from using $this->getRequest()->isPost() but as there are large amounts which would need changing I was hoping not to have to do this.

Scoobler
  • 9,696
  • 4
  • 36
  • 51
  • possible duplicate of [Redirect to new page w/ POST data (PHP/Zend)](http://stackoverflow.com/questions/1309456/redirect-to-new-page-w-post-data-php-zend) – Gordon Nov 01 '10 at 13:35
  • That is something very similar but at the same time different - I have currently used basically that solution, but as stated I end up with the user being shown the results of the POST, but at the wrong URL, which isn't exactly important, but I would prefer the URL to be correct. – Scoobler Nov 01 '10 at 14:35
  • @Scoobler Check Netbeans 7.0. It has nice refactor options. You will change all the ocurrences within few clicks. – takeshin Nov 01 '10 at 16:29
  • cant you use forward('action', array($post)); ? – opHASnoNAME Nov 01 '10 at 18:29
  • @ArneRie No. The user will type the login first, so the current post request cannot be just forwarded because it will create a new post request for the login. And then, if you forward with params it will not be a post request unless you use something like cURL. But this is at server side, not client side, so the result is displayed on the url that make the request, not the real one. This is a good question! – Keyne Viana Nov 02 '10 at 03:19
  • @Keyne That is exactly the problem - I am using the forward without passing the post data - as I capture the original POST data and store it in the session when the login form is displayed. On successfull login (POST from the login form) I can forward the request onto the original location, and now set the $_POST var to the session value, which does work, but like you say the user is still at the wrong URL as it is the scripts rerouting rather than the page being redirected like you say! Cheers. – Scoobler Nov 02 '10 at 08:52

1 Answers1

0

The way it's done usually (seen this on many sites), would be to store the form data and requested action in session, then redirect the user to a login page. When login is authorized, you read the session for any pending action, reload the form and populate it with data from session (properly clearing any pending action from session afterwards). The user would just have to click Submit again.

The other way to do this would be to use HttpClient and submit the data as POST with it.

netcoder
  • 66,435
  • 19
  • 125
  • 142
  • Thanks for the idea, but would have two problems here - I caputure the action and controller the user is on their way to only when their autherisation has expired (which could have been a timeout) so to know where they were coming from and return them would be more time consuming for the user. I would prefer for it to continue what the user was doing as soon as they are autherised. Have you any more details on using HttpClient - I tried as the documentation says but didn't seem to get it working as I wanted. – Scoobler Nov 01 '10 at 14:41
  • You can find Zend_Http_Client documentation here: http://framework.zend.com/manual/1.11/en/zend.http.client.advanced.html. Alternatively, you can use fopen() with stream_context_create(), like in this example here: http://www.php.net/manual/en/function.stream-context-create.php#72017 – netcoder Nov 01 '10 at 14:49
  • I have tried both of these methods now and it seems they are both doing a very similar thing to zend forwarding the request - they are submitting the data and getting the results, then showing them in the current page - which leaves me with the wrong URL still. – Scoobler Nov 01 '10 at 16:49
  • @Scoobler What if you send the user to the form again and populate the data previously stored in the session, then mark it to re-submit through javascript? – Keyne Viana Nov 02 '10 at 03:28
  • @Keyne That would be an option, but one slight problem I could see, IF the user has javascript off it wouldn't work. Ok they only have to press submit again which is much better than if the form data had been 'lost'. But I really would have thought there would be a way to start off an artificial POST so to speak. – Scoobler Nov 02 '10 at 08:55